10341000x8000000000000000259754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:01.608{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:37:00.576{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:59.560{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:58.542{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:57.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.512{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.510{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.510{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.510{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.510{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.509{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:56.508{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:55.491{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:54.476{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259179Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.449{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.433{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:53.433{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000259054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:52.418{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258995Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:51.398{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:50.384{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:49.360{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:48.340{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.328{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:47.312{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:46.291{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.289{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:45.272{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258532Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258531Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:44.261{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:43.246{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:42.230{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258332Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258330Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:41.213{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:40.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.175{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.174{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.174{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.173{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.172{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:39.170{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:38.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000258043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:37.130{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.125{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.124{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:36.121{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.112{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:35.099{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257824Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257821Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:34.080{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:33.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:32.030{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:31.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257554Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:29.979{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:28.963{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:27.944{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:26.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:25.909{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.899{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:24.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:23.860{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:22.841{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000257030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:21.824{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:20.803{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256897Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:19.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:18.769{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.766{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.765{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:17.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.756{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.755{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256571Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.754{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.754{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.753{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.753{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:16.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.737{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:15.732{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.720{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:14.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.699{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.697{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.696{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:13.695{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.687{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.684{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000256054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:12.683{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:11.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:10.643{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:09.627{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:08.604{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:07.577{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255607Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255604Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255602Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:06.538{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255537Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255535Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:05.522{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.520{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.519{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255473Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.518{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.517{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.514{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:04.507{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255406Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:03.471{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.453{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.452{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.451{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:02.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255277Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255276Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255275Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255274Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255273Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255272Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:36:01.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000255271Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackran