10341000x8000000000000000552901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:15.973{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:15.973{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:15.973{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:15.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:15.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:15.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:15.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:15.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:15.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:15.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:15.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:15.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:15.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:15.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:15.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:14.955{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552749Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:14.955{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:14.955{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:14.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:14.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:14.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:14.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552636Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:14.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:14.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:14.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552633Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:14.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552632Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:14.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552631Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:14.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:14.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:14.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:13.951{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:13.951{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:13.951{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:13.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552569Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:13.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:13.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:13.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:13.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:13.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:13.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:13.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:13.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:13.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:13.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:13.332{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:12.943{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:12.943{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552552Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:12.943{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:12.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:12.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:12.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:12.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:12.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:12.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:12.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:12.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:12.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:12.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:12.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:12.306{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:11.934{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:11.934{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:11.934{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:11.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:11.283{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:11.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:11.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:11.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:11.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:11.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:11.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:11.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:11.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:11.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:11.271{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:10.926{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:10.926{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:10.926{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:10.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:10.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:10.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:10.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:10.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:10.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:10.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:10.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:10.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:10.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:10.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:10.245{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:09.917{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:09.917{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:09.917{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:09.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:09.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:09.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:09.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:09.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:09.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:09.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:09.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:09.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:09.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:09.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:09.218{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:08.906{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:08.906{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:08.906{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:08.197{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:08.197{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:08.197{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:08.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:08.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:08.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:08.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:08.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:08.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:08.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:08.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:08.181{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000552014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:07.900{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:07.900{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000552011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:07.900{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:07.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:07.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:07.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:07.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:07.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:07.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:07.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:07.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:07.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:07.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:07.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:07.163{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:06.897{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:06.897{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:06.897{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:06.134{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:06.134{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:06.134{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:06.134{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:06.134{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:06.134{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:06.134{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:06.134{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:06.134{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:06.134{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:06.134{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:06.134{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:05.902{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:05.902{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:05.902{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:05.120{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:05.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:05.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:05.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:05.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:05.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:05.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:05.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:05.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:05.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:05.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:05.104{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:04.901{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:04.901{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:04.901{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:04.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:04.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:04.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:04.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:04.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:04.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:04.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:04.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:04.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:04.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:04.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:04.073{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:03.901{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:03.901{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:03.901{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:03.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:03.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:03.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:03.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:03.064{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:03.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:03.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:03.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:03.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:03.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:03.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:03.048{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:02.876{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:02.876{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:02.876{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:02.034{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:02.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:02.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:02.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:02.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:02.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:02.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:02.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:02.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:02.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:02.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:02.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:01.877{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:01.877{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:01.877{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:00.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:00.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:00.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:00.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:00.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:00.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:00.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:00.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:00.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:00.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:00.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:00.989{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551477Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:00.864{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551475Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:00.864{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:38:00.864{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.867{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551405Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.867{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.867{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.204{3381F800-7E83-635A-A600-000000008A02}35645796C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(00000000180D8610) 10341000x8000000000000000551345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.192{3381F800-7E83-635A-A600-000000008A02}35645796C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(00000000180D8610) 10341000x8000000000000000551343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:59.172{3381F800-7E83-635A-A600-000000008A02}35645796C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(00000000180D8610) 10300x8000000000000019944Applicationwin-dc-ctus-attack-range-487.attackrange.local{"Company":"Microsoft Corporation","Computer":"win-dc-ctus-attack-range-487","Correlation_ActivityID":"{00000000-0000-0000-0000-000000000000}","Description":"Windows Problem Reporting","DesiredAccess":"1082","EventID":"5","FileCreationDate":"2020-12-09T06:25:40","FileVersion":"10.0.14393.4104 (rs1_release.201202-1742)","GrantedAccess":"0x43a","Hashes":"MD5=931F41EAEE541F2E9071259D9D3D6409,SHA1=6F85AA74D7A0447D802DD6166353C97CA5937F2F,SHA256=34E2C1A23BDF5E1CCA13A6FEEC48771CC53196A07E70DA5672C7E11B1066C311,IMPHASH=04282AE0621917BED5ED5B241C6F586C","IsSelf":"false","Keywords":"0x0","Level":"4","Match_Strings":"3a in GrantedAccess, \\lsass.exe in TargetImage","Module":"Sigma","Opcode":"0","OriginalFileName":"WerMgr","Product":"Microsoft® Windows® Operating System","Provider_Guid":"{E02A841C-75A3-4FA7-AFC8-AE09CF9B7F23}","Provider_Name":"Microsoft-Windows-Kernel-Audit-API-Calls","ReturnCode":"3221225506","Rule_Author":"Florian Roth","Rule_Description":"Detects process access to LSASS memory with suspicious access flags","Rule_FalsePositives":"Legitimate software accessing LSASS process for legitimate reason","Rule_Id":"a18dd26b-6450-46de-8c91-9659150cf088","Rule_Level":"high","Rule_Link":"https://github.com/SigmaHQ/sigma/blob/0.22-627-g60f08bbe8/rules/windows/process_access/proc_access_win_susp_proc_access_lsass.yml","Rule_Modified":"2022/06/20","Rule_Path":"public\\windows\\process_access\\proc_access_win_susp_proc_access_lsass.yml","Rule_References":"https://docs.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights, https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843\u0026ithint=file%2cpptx\u0026app=PowerPoint\u0026authkey=!AMvCRTKB_V1J5ow, https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for_22.html, https://www.slideshare.net/heirhabarov/hunting-for-credentials-dumping-in-windows-environment, http://security-research.dyndns.org/pub/slides/FIRST2017/FIRST-2017_Tom-Ueltschi_Sysmon_FINAL_notes.pdf","Rule_Sigtype":"public","Rule_Title":"Suspicious GrantedAccess Flags on LSASS Access","Security_UserID":"S-1-5-21-3654133429-2950718773-2133640725-500","SourceCommandLine":"C:\\Windows\\SysWOW64\\wermgr.exe","SourceImage":"C:\\Windows\\SysWOW64\\wermgr.exe","SourceImageAge":"687d06h32m57s","SourceProcessId":"4864","SourceThreadId":"2884","SourceUser":"ATTACKRANGE\\Administrator","TargetImage":"C:\\Windows\\System32\\lsass.exe","TargetProcessId":"628","TargetUser":"NT AUTHORITY\\SYSTEM","Task":"0","TimeCreated_SystemTime":"2022-10-27T14:37:57.0808232Z","Timestamp":"2020-12-03T04:46:40","Version":"0","Winversion":"14393","level":"warning","msg":"Sigma match found","time":"2022-10-27T14:37:59Z"} 10341000x8000000000000000551324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:58.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:58.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:58.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:58.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:58.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:58.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:58.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:58.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:58.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:58.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:58.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:58.941{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:58.863{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:58.863{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:58.863{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551250Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:57.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551249Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:57.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:57.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:57.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:57.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:57.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:57.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:57.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:57.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:57.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:57.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:57.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:57.850{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:57.850{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:57.850{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551178Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:56.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551177Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:56.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:56.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:56.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:56.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:56.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:56.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:56.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:56.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:56.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:56.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:56.906{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:56.859{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:56.859{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:56.859{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:55.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:55.894{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:55.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:55.892{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:55.890{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:55.890{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:55.890{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:55.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:55.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:55.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:55.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:55.888{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:55.861{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:55.861{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:55.861{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000551009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:54.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:54.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:54.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:54.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:54.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:54.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:54.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:54.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:54.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000551000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:54.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:54.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:54.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550996Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:54.852{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550994Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:54.852{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:54.852{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:53.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:53.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:53.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:53.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:53.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:53.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:53.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:53.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:53.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:53.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:53.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:53.847{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:53.847{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:53.847{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:53.847{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:52.849{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:52.849{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:52.849{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:52.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:52.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:52.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:52.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:52.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:52.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:52.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:52.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:52.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:52.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:52.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:52.818{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:51.854{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:51.854{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:51.854{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:51.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:51.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:51.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:51.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:51.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:51.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:51.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:51.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:51.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:51.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:51.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:51.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:50.842{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:50.842{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:50.842{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:50.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:50.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:50.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:50.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:50.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:50.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:50.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:50.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:50.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:50.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:50.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:50.764{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:49.812{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:49.812{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:49.812{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:49.734{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:49.734{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:49.734{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:49.734{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:49.734{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:49.734{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:49.734{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:49.734{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:49.734{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:49.734{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:49.734{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:49.734{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:48.794{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:48.794{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:48.794{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:48.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:48.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:48.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:48.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:48.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:48.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:48.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:48.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:48.715{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:48.700{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:48.700{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:48.700{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:47.796{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:47.796{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:47.796{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:47.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:47.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:47.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:47.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:47.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:47.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:47.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:47.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:47.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:47.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:47.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:47.674{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:46.791{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:46.791{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:46.791{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:46.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:46.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:46.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:46.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:46.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:46.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:46.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:46.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:46.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:46.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:46.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:46.653{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:45.772{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:45.772{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:45.772{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:45.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:45.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:45.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:45.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:45.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:45.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:45.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:45.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:45.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:45.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:45.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:45.631{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:44.754{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:44.754{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:44.754{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:44.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:44.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:44.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:44.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:44.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:44.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:44.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:44.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:44.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:44.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:44.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:44.614{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:43.765{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:43.765{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:43.765{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:43.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:43.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:43.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:43.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:43.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:43.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:43.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:43.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:43.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:43.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:43.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:43.578{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:42.746{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:42.746{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:42.746{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:42.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:42.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:42.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:42.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:42.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:42.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:42.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:42.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:42.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:42.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:42.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:42.559{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:41.732{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:41.732{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:41.732{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000550016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:41.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:41.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:41.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:41.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:41.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:41.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:41.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:41.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:41.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:41.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:41.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:41.530{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000550001Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:40.703{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:40.703{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549998Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:40.703{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:40.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.706{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.706{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.706{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.502{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.502{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.486{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.357{3381F800-7E83-635A-A600-000000008A02}3564432C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000013580190) 10341000x8000000000000000549856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.348{3381F800-7E83-635A-A600-000000008A02}3564432C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000013580190) 10341000x8000000000000000549854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:39.336{3381F800-7E83-635A-A600-000000008A02}3564432C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000013580190) 10341000x8000000000000000549831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:38.701{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:38.701{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:38.701{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:38.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:38.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549774Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:38.466{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:38.466{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:38.466{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:38.466{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:38.466{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:38.466{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:38.466{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:38.466{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:38.466{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:38.466{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:37.700{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:37.700{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549752Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:37.700{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549700Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:37.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:37.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:37.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:37.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:37.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:37.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:37.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:37.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:37.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:37.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:37.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:37.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:36.683{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:36.683{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:36.683{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:36.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:36.428{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:36.426{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:36.425{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:36.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:36.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:36.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:36.421{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:36.421{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:36.420{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:36.420{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549609Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:36.420{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:35.677{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:35.677{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:35.677{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:35.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549529Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:35.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:35.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:35.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:35.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:35.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:35.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:35.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:35.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:35.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:35.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:35.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:34.663{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:34.663{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:34.663{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:34.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:34.382{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:34.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:34.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:34.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:34.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:34.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:34.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:34.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:34.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:34.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:34.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:33.653{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:33.653{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:33.653{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:33.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:33.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:33.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:33.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:33.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:33.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:33.344{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:33.344{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:33.344{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:33.344{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:33.344{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:33.344{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:32.645{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:32.645{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:32.645{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:32.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:32.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:32.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:32.335{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:32.319{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:31.657{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:31.657{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:31.657{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:31.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:31.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:31.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:31.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:31.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:31.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:31.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:31.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:31.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:31.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:31.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:31.292{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:30.645{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:30.645{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:30.645{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:30.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:30.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:30.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:30.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:30.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:30.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:30.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:30.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:30.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:30.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:30.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:30.266{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:29.621{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:29.621{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:29.621{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549091Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:29.240{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:28.618{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:28.618{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:28.618{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:28.226{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:28.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:28.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:28.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:28.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:28.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549020Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:28.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:28.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549018Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:28.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:28.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:28.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:28.210{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000549011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:27.620{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:27.620{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000549008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:27.620{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:27.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:27.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:27.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:27.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:27.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:27.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:27.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:27.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:27.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:27.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:27.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:27.190{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:26.628{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:26.628{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:26.628{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:26.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:26.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:26.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:26.171{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:26.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:26.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:26.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:26.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:26.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:26.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:26.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548871Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:26.156{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:25.608{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:25.608{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:25.608{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:25.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:25.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:25.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:25.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:25.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:25.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:25.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:25.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:25.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:25.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:25.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548799Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:25.129{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:24.598{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:24.598{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:24.598{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:24.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:24.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:24.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:24.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:24.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:24.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:24.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:24.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:24.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:24.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:24.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:24.102{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:23.602{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:23.602{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:23.602{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:23.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:23.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:23.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:23.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:23.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:23.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:23.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:23.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:23.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:23.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:23.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:23.084{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:22.599{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:22.599{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:22.599{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:22.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:22.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:22.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:22.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:22.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:22.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:22.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:22.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:22.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:22.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:22.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:22.054{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:21.588{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:21.588{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:21.588{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:21.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:21.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:21.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:21.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:21.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:21.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:21.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:21.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:21.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:21.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:21.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:21.033{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:20.564{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:20.564{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:20.564{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:20.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:20.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:20.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:20.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:20.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:20.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:20.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:20.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:20.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:20.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:20.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:20.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:19.565{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:19.565{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:19.565{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:19.113{3381F800-7E83-635A-A600-000000008A02}35643868C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000013038610) 10341000x8000000000000000548371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:19.104{3381F800-7E83-635A-A600-000000008A02}35643868C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000013038610) 10341000x8000000000000000548369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:19.095{3381F800-7E83-635A-A600-000000008A02}35643868C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000013038610) 10341000x8000000000000000548358Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:19.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:19.003{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:19.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:19.001{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:18.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:18.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:18.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:18.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:18.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:18.998{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:18.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:18.997{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:18.553{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548334Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:18.553{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548333Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:18.553{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:17.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:17.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:17.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:17.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:17.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:17.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:17.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:17.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:17.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:17.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:17.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:17.970{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:17.533{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:17.533{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:17.533{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:16.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:16.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:16.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:16.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:16.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:16.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:16.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:16.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:16.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:16.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:16.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:16.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:16.537{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:16.537{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000548121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:16.537{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 13241300x8000000000000000548069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-SetValue2022-10-27 14:37:16.509{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeHKU\S-1-5-21-3654133429-2950718773-2133640725-500\SOFTWARE\Microsoft\Eshorkcy\1da9cca8Binary Data 10341000x8000000000000000548027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:15.952{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:15.952{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:15.950{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:15.950{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:15.948{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:15.947{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000548003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:15.947{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:15.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547992Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:15.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:15.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:15.942{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:15.942{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:15.552{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:15.552{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:15.552{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:14.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:14.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:14.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:14.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:14.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:14.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:14.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:14.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:14.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:14.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:14.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:14.904{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:14.544{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:14.544{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:14.544{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:13.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:13.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:13.874{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:13.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:13.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:13.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:13.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:13.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:13.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:13.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:13.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:13.859{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:13.546{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:13.546{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:13.546{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:12.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:12.844{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:12.842{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:12.842{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:12.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:12.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:12.840{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:12.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:12.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:12.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:12.839{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:12.838{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:12.536{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:12.536{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:12.536{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 {"Company":"Microsoft Corporation","Computer":"win-dc-ctus-attack-range-487","Correlation_ActivityID":"{00000000-0000-0000-0000-000000000000}","Description":"Windows Problem Reporting","DesiredAccess":"1082","EventID":"5","FileCreationDate":"2020-12-09T06:25:40","FileVersion":"10.0.14393.4104 (rs1_release.201202-1742)","GrantedAccess":"0x43a","Hashes":"MD5=931F41EAEE541F2E9071259D9D3D6409,SHA1=6F85AA74D7A0447D802DD6166353C97CA5937F2F,SHA256=34E2C1A23BDF5E1CCA13A6FEEC48771CC53196A07E70DA5672C7E11B1066C311,IMPHASH=04282AE0621917BED5ED5B241C6F586C","IsSelf":"false","Keywords":"0x0","Level":"4","Match_Strings":"3a in GrantedAccess, \\lsass.exe in TargetImage","Module":"Sigma","Opcode":"0","OriginalFileName":"WerMgr","Product":"Microsoft® Windows® Operating System","Provider_Guid":"{E02A841C-75A3-4FA7-AFC8-AE09CF9B7F23}","Provider_Name":"Microsoft-Windows-Kernel-Audit-API-Calls","ReturnCode":"3221225506","Rule_Author":"Florian Roth","Rule_Description":"Detects process access to LSASS memory with suspicious access flags","Rule_FalsePositives":"Legitimate software accessing LSASS process for legitimate reason","Rule_Id":"a18dd26b-6450-46de-8c91-9659150cf088","Rule_Level":"high","Rule_Link":"https://github.com/SigmaHQ/sigma/blob/0.22-627-g60f08bbe8/rules/windows/process_access/proc_access_win_susp_proc_access_lsass.yml","Rule_Modified":"2022/06/20","Rule_Path":"public\\windows\\process_access\\proc_access_win_susp_proc_access_lsass.yml","Rule_References":"https://docs.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights, https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843\u0026ithint=file%2cpptx\u0026app=PowerPoint\u0026authkey=!AMvCRTKB_V1J5ow, https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for_22.html, https://www.slideshare.net/heirhabarov/hunting-for-credentials-dumping-in-windows-environment, http://security-research.dyndns.org/pub/slides/FIRST2017/FIRST-2017_Tom-Ueltschi_Sysmon_FINAL_notes.pdf","Rule_Sigtype":"public","Rule_Title":"Suspicious GrantedAccess Flags on LSASS Access","Security_UserID":"S-1-5-21-3654133429-2950718773-2133640725-500","SourceCommandLine":"C:\\Windows\\SysWOW64\\wermgr.exe","SourceImage":"C:\\Windows\\SysWOW64\\wermgr.exe","SourceImageAge":"687d06h32m57s","SourceProcessId":"4864","SourceThreadId":"2884","SourceUser":"ATTACKRANGE\\Administrator","TargetImage":"C:\\Windows\\System32\\lsass.exe","TargetProcessId":"628","TargetUser":"NT AUTHORITY\\SYSTEM","Task":"0","TimeCreated_SystemTime":"2022-10-27T14:37:57.0808232Z","Timestamp":"2020-12-03T04:46:40","Version":"0","Winversion":"14393","level":"warning","msg":"Sigma match found","time":"2022-10-27T14:37:59Z"} 10341000x8000000000000000547588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:11.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:11.816{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:11.800{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:11.800{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:11.800{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:11.800{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:11.800{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:11.800{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:11.800{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:11.800{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:11.800{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:11.800{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:11.521{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:11.521{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:11.521{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547404Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547403Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547402Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547401Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547400Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547399Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:10.775{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:10.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:10.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:10.760{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:10.525{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:10.525{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:10.525{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:09.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:09.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:09.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:09.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:09.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:09.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:09.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:09.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:09.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:09.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:09.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:09.743{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:09.509{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:09.509{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:09.509{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:08.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:08.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:08.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:08.723{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:08.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:08.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:08.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:08.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:08.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547187Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:08.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547186Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:08.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:08.708{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:08.489{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547181Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:08.489{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547180Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:08.489{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:07.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:07.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:07.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:07.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:07.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547118Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:07.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547117Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:07.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547116Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:07.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:07.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547114Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:07.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:07.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547112Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:07.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547110Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:07.473{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547108Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:07.473{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547107Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:07.473{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:06.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:06.667{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:06.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:06.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:06.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:06.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:06.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:06.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547044Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:06.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:06.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:06.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:06.651{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000547037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:06.479{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:06.479{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000547034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:06.479{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:05.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:05.633{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:05.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:05.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:05.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:05.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:05.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:05.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546972Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:05.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:05.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:05.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546969Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:05.617{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:05.476{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:05.476{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:05.476{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:04.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:04.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:04.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:04.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:04.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:04.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:04.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:04.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:04.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:04.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:04.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:04.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546895Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:04.481{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:04.481{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:04.481{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:03.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:03.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:03.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:03.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:03.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:03.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:03.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:03.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:03.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:03.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:03.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:03.569{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:03.460{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546823Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:03.460{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546822Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:03.460{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:02.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:02.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:02.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:02.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:02.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:02.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:02.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546759Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:02.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546758Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:02.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546757Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:02.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:02.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546755Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:02.548{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:02.439{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546751Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:02.439{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546750Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:02.439{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:01.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:01.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:01.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:01.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:01.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:01.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546687Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:01.529{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:01.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546685Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:01.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:01.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:01.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:01.513{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:01.435{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:01.435{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:01.435{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:00.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:00.495{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:00.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546618Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:00.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546617Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:00.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:00.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546615Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:00.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546614Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:00.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546613Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:00.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546612Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:00.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546611Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:00.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546610Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:00.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546608Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:00.417{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546606Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:00.417{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546605Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:37:00.417{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546549Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546544Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546543Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546542Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546541Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546540Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546539Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546538Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.459{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546536Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.396{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546534Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.396{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546533Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.396{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.108{3381F800-7E83-635A-A600-000000008A02}35644564C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000013080610) 10341000x8000000000000000546478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.101{3381F800-7E83-635A-A600-000000008A02}35644564C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000013080610) 10341000x8000000000000000546476Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:59.084{3381F800-7E83-635A-A600-000000008A02}35644564C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000013080610) 10341000x8000000000000000546453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:58.447{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:58.447{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:58.444{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:58.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:58.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:58.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:58.442{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:58.441{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:58.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:58.439{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:58.437{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:58.437{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:58.382{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:58.382{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:58.382{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10300x8000000000000019940Applicationwin-dc-ctus-attack-range-487.attackrange.local{"Company":"Microsoft Corporation","Computer":"win-dc-ctus-attack-range-487","Correlation_ActivityID":"{00000000-0000-0000-0000-000000000000}","Description":"Windows Problem Reporting","DesiredAccess":"1082","EventID":"5","FileCreationDate":"2020-12-09T06:25:40","FileVersion":"10.0.14393.4104 (rs1_release.201202-1742)","GrantedAccess":"0x43a","Hashes":"MD5=931F41EAEE541F2E9071259D9D3D6409,SHA1=6F85AA74D7A0447D802DD6166353C97CA5937F2F,SHA256=34E2C1A23BDF5E1CCA13A6FEEC48771CC53196A07E70DA5672C7E11B1066C311,IMPHASH=04282AE0621917BED5ED5B241C6F586C","IsSelf":"false","Keywords":"0x0","Level":"4","Match_Strings":"3a in GrantedAccess, \\lsass.exe in TargetImage","Module":"Sigma","Opcode":"0","OriginalFileName":"WerMgr","Product":"Microsoft® Windows® Operating System","Provider_Guid":"{E02A841C-75A3-4FA7-AFC8-AE09CF9B7F23}","Provider_Name":"Microsoft-Windows-Kernel-Audit-API-Calls","ReturnCode":"3221225506","Rule_Author":"Florian Roth","Rule_Description":"Detects process access to LSASS memory with suspicious access flags","Rule_FalsePositives":"Legitimate software accessing LSASS process for legitimate reason","Rule_Id":"a18dd26b-6450-46de-8c91-9659150cf088","Rule_Level":"high","Rule_Link":"https://github.com/SigmaHQ/sigma/blob/0.22-627-g60f08bbe8/rules/windows/process_access/proc_access_win_susp_proc_access_lsass.yml","Rule_Modified":"2022/06/20","Rule_Path":"public\\windows\\process_access\\proc_access_win_susp_proc_access_lsass.yml","Rule_References":"https://docs.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights, https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843\u0026ithint=file%2cpptx\u0026app=PowerPoint\u0026authkey=!AMvCRTKB_V1J5ow, https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for_22.html, https://www.slideshare.net/heirhabarov/hunting-for-credentials-dumping-in-windows-environment, http://security-research.dyndns.org/pub/slides/FIRST2017/FIRST-2017_Tom-Ueltschi_Sysmon_FINAL_notes.pdf","Rule_Sigtype":"public","Rule_Title":"Suspicious GrantedAccess Flags on LSASS Access","Security_UserID":"S-1-5-21-3654133429-2950718773-2133640725-500","SourceCommandLine":"C:\\Windows\\SysWOW64\\wermgr.exe","SourceImage":"C:\\Windows\\SysWOW64\\wermgr.exe","SourceImageAge":"687d06h32m57s","SourceProcessId":"4864","SourceThreadId":"2884","SourceUser":"ATTACKRANGE\\Administrator","TargetImage":"C:\\Windows\\System32\\lsass.exe","TargetProcessId":"628","TargetUser":"NT AUTHORITY\\SYSTEM","Task":"0","TimeCreated_SystemTime":"2022-10-27T14:36:56.6083096Z","Timestamp":"2020-12-03T04:46:40","Version":"0","Winversion":"14393","level":"warning","msg":"Sigma match found","time":"2022-10-27T14:36:58Z"} 10341000x8000000000000000546379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:57.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:57.427{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:57.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:57.423{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:57.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:57.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:57.422{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:57.421{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:57.421{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:57.421{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:57.421{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:57.420{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:57.377{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:57.377{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:57.377{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:56.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:56.412{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:56.409{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:56.409{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:56.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:56.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:56.407{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:56.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:56.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:56.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:56.406{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:56.405{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:56.390{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:56.388{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:56.388{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:55.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546207Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:55.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:55.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:55.393{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546204Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:55.392{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546203Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:55.391{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546202Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:55.391{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546201Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:55.391{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:55.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:55.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:55.390{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:55.389{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:55.377{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:55.377{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:55.377{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:54.377{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:54.377{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:54.373{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:54.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:54.370{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546131Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:54.369{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:54.369{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:54.369{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:54.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:54.367{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:54.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:54.366{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:54.362{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:54.362{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:54.362{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:53.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:53.346{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:53.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:53.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:53.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:53.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:53.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:53.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:53.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:53.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:53.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:53.329{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:53.329{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000546049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:53.329{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000546048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:53.329{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545993Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:52.316{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:52.316{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:52.316{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:52.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:52.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:52.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:52.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:52.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:52.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:52.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:52.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:52.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:52.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:52.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:52.300{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:51.326{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545921Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:51.325{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:51.325{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:51.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:51.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:51.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:51.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:51.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:51.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:51.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:51.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:51.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:51.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:51.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:51.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:50.314{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:50.313{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:50.313{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:50.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:50.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:50.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:50.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:50.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:50.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:50.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:50.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:50.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:50.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:50.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:50.262{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:49.311{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:49.311{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:49.311{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:49.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:49.258{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:49.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:49.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:49.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:49.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:49.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:49.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:49.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:49.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:49.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:49.241{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545712Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:48.307{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:48.306{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545709Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:48.306{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:48.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:48.231{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:48.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:48.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:48.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:48.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:48.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:48.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:48.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:48.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:48.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:48.215{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:47.299{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:47.299{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:47.299{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:47.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:47.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:47.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:47.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:47.195{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:47.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:47.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:47.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:47.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:47.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:47.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:47.180{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545568Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:46.295{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:46.295{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:46.295{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:46.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:46.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:46.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:46.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:46.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:46.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:46.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545506Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:46.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:46.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:46.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:46.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:46.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:45.295{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:45.295{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:45.295{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:45.138{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:45.138{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:45.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:45.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:45.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:45.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:45.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:45.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:45.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545434Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:45.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545433Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:45.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545432Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:45.123{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:44.279{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:44.279{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:44.279{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:44.112{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:44.112{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:44.112{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:44.112{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:44.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:44.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:44.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:44.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:44.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:44.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545360Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:44.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:44.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:43.274{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:43.274{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:43.274{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:43.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:43.078{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:43.063{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:43.063{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:43.063{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:43.063{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:43.063{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545291Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:43.063{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:43.063{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:43.063{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545288Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:43.063{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:43.063{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:42.271{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545279Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:42.271{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545278Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:42.271{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:42.047{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:42.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:42.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545213Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:42.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:42.032{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545208Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:41.271{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:41.271{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545205Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:41.271{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:41.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:41.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:41.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:41.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545147Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:41.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545146Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:41.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545145Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:41.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:41.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:41.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:41.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:41.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:41.015{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:40.269{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:40.269{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:40.269{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545075Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545073Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545070Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545068Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.999{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000545063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.268{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.268{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.268{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000545007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.131{3381F800-7E83-635A-A600-000000008A02}3564432C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000013580190) 10341000x8000000000000000545005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.120{3381F800-7E83-635A-A600-000000008A02}3564432C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000013580190) 10341000x8000000000000000545003Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:39.104{3381F800-7E83-635A-A600-000000008A02}3564432C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000013580190) 10341000x8000000000000000544984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:38.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:38.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:38.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:38.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:38.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:38.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:38.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:38.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:38.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:38.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544974Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:38.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:38.976{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:38.259{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:38.259{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:38.259{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:37.961{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:37.264{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:37.264{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:37.264{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:36.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:36.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:36.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:36.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544832Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:36.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544831Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:36.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544830Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:36.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:36.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544828Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:36.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:36.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:36.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544825Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:36.938{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:36.271{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:36.271{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:36.271{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:35.928{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:35.927{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:35.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:35.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:35.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:35.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:35.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:35.924{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:35.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:35.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544730Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:35.923{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:35.922{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:35.263{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:35.263{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:35.263{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:34.912{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:34.912{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:34.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:34.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:34.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544658Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:34.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:34.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:34.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:34.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:34.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:34.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:34.896{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:34.258{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:34.258{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:34.258{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:33.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:33.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:33.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:33.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:33.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:33.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:33.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:33.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:33.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:33.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:33.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:33.867{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:33.267{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544573Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:33.267{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:33.267{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:32.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:32.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:32.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:32.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544514Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:32.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:32.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:32.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:32.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544510Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:32.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:32.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:32.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544507Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:32.846{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:32.256{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:32.256{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:32.256{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:31.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:31.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:31.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:31.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:31.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:31.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:31.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544439Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:31.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:31.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:31.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:31.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544435Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:31.827{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544431Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:31.252{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:31.252{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:31.252{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:30.812{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:30.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:30.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:30.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:30.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:30.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:30.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:30.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:30.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:30.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:30.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:30.797{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544359Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:30.252{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:30.252{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:30.252{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:29.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:29.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:29.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:29.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:29.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:29.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:29.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:29.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:29.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:29.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:29.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:29.776{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544287Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:29.263{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544285Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:29.263{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:29.263{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:28.768{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:28.768{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:28.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:28.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:28.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:28.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:28.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:28.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:28.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:28.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:28.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:28.752{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544214Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:28.256{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544212Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:28.256{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544211Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:28.256{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:27.735{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:27.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:27.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544156Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:27.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:27.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544154Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:27.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544153Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:27.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544152Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:27.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544151Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:27.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544150Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:27.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544149Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:27.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:27.719{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:27.254{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544142Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:27.254{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:27.254{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:26.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:26.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:26.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544084Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:26.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544083Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:26.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544082Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:26.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544081Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:26.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544080Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:26.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544079Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:26.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544078Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:26.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544077Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:26.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544076Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:26.694{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:26.259{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:26.259{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544071Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:26.259{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:25.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:25.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544013Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:25.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544012Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:25.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544011Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:25.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544010Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:25.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544009Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:25.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:25.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544007Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:25.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544006Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:25.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544005Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:25.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544004Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:25.669{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000544002Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:25.265{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000544000Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:25.265{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:25.265{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543943Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:24.664{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:24.664{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543940Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543939Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543938Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543937Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543936Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543935Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543934Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:24.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:24.260{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:24.260{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:24.260{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:23.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:23.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543868Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:23.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543867Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:23.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543866Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:23.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543865Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:23.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543864Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:23.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543863Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:23.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543862Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:23.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543861Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:23.616{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543860Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:23.616{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543859Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:23.616{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:23.260{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:23.260{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:23.260{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:22.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543796Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:22.599{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543795Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:22.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543794Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:22.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543793Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:22.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543792Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:22.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543791Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:22.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543790Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:22.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543789Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:22.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543788Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:22.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543787Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:22.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:22.583{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:22.259{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:22.259{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:22.259{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543727Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:21.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:21.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:21.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543724Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:21.570{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543723Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:21.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:21.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543721Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:21.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543720Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:21.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543719Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:21.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543718Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:21.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543717Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:21.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543716Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:21.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543710Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:21.260{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543708Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:21.260{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543707Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:21.260{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543655Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:20.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:20.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:20.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:20.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543651Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:20.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:20.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:20.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:20.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:20.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:20.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:20.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:20.526{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:20.246{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543638Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:20.246{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:20.246{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543577Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543576Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543575Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543574Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.503{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543572Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.372{3381F800-7E83-635A-A600-000000008A02}35645796C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(00000000180D8610) 10341000x8000000000000000543570Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.355{3381F800-7E83-635A-A600-000000008A02}35645796C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(00000000180D8610) 10341000x8000000000000000543566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.328{3381F800-7E83-635A-A600-000000008A02}35645796C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(00000000180D8610) 10341000x8000000000000000543558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.258{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.258{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543555Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:19.257{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:18.494{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:18.494{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:18.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:18.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:18.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:18.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:18.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:18.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:18.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:18.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543479Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:18.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543478Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:18.479{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:18.250{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:18.250{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:18.250{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:17.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:17.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:17.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543344Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:17.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543343Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:17.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543342Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:17.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:17.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543340Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:17.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:17.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:17.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543337Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:17.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543336Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:17.455{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:17.235{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543329Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:17.235{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543328Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:17.235{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:16.440{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:16.440{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:16.436{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:16.434{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:16.433{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543259Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:16.433{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543258Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:16.433{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543257Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543256Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:16.432{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:16.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543254Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:16.431{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:16.430{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:16.232{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:16.232{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:16.232{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:15.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:15.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:15.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:15.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:15.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:15.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:15.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:15.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:15.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:15.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543046Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:15.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:15.396{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000543043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:15.225{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543041Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:15.225{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000543040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:15.225{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542933Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:14.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542932Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:14.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542931Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:14.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542930Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:14.386{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542929Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:14.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542928Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:14.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542927Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:14.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542926Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:14.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:14.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542924Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:14.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542923Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:14.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542922Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:14.371{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542920Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:14.231{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542918Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:14.231{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542917Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:14.231{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542858Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:13.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542857Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:13.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542856Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:13.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542855Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:13.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542854Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:13.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542853Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:13.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542852Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:13.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542851Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:13.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542850Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:13.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542849Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:13.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542848Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:13.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542847Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:13.338{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542845Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:13.230{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:13.230{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:13.230{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542786Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:12.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542785Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:12.330{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542784Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:12.328{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542783Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:12.328{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542782Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:12.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542781Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:12.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542780Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:12.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542779Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:12.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542778Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:12.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542777Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:12.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542776Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:12.324{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542775Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:12.308{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542773Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:12.231{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:12.231{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:12.231{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542650Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:11.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542649Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:11.294{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542648Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:11.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542647Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:11.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542646Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:11.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542645Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:11.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:11.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542643Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:11.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:11.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:11.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542640Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:11.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:11.281{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542637Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:11.246{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542635Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:11.246{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542634Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:11.246{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 {"Company":"Microsoft Corporation","Computer":"win-dc-ctus-attack-range-487","Correlation_ActivityID":"{00000000-0000-0000-0000-000000000000}","Description":"Windows Problem Reporting","DesiredAccess":"1082","EventID":"5","FileCreationDate":"2020-12-09T06:25:40","FileVersion":"10.0.14393.4104 (rs1_release.201202-1742)","GrantedAccess":"0x43a","Hashes":"MD5=931F41EAEE541F2E9071259D9D3D6409,SHA1=6F85AA74D7A0447D802DD6166353C97CA5937F2F,SHA256=34E2C1A23BDF5E1CCA13A6FEEC48771CC53196A07E70DA5672C7E11B1066C311,IMPHASH=04282AE0621917BED5ED5B241C6F586C","IsSelf":"false","Keywords":"0x0","Level":"4","Match_Strings":"3a in GrantedAccess, \\lsass.exe in TargetImage","Module":"Sigma","Opcode":"0","OriginalFileName":"WerMgr","Product":"Microsoft® Windows® Operating System","Provider_Guid":"{E02A841C-75A3-4FA7-AFC8-AE09CF9B7F23}","Provider_Name":"Microsoft-Windows-Kernel-Audit-API-Calls","ReturnCode":"3221225506","Rule_Author":"Florian Roth","Rule_Description":"Detects process access to LSASS memory with suspicious access flags","Rule_FalsePositives":"Legitimate software accessing LSASS process for legitimate reason","Rule_Id":"a18dd26b-6450-46de-8c91-9659150cf088","Rule_Level":"high","Rule_Link":"https://github.com/SigmaHQ/sigma/blob/0.22-627-g60f08bbe8/rules/windows/process_access/proc_access_win_susp_proc_access_lsass.yml","Rule_Modified":"2022/06/20","Rule_Path":"public\\windows\\process_access\\proc_access_win_susp_proc_access_lsass.yml","Rule_References":"https://docs.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights, https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843\u0026ithint=file%2cpptx\u0026app=PowerPoint\u0026authkey=!AMvCRTKB_V1J5ow, https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for_22.html, https://www.slideshare.net/heirhabarov/hunting-for-credentials-dumping-in-windows-environment, http://security-research.dyndns.org/pub/slides/FIRST2017/FIRST-2017_Tom-Ueltschi_Sysmon_FINAL_notes.pdf","Rule_Sigtype":"public","Rule_Title":"Suspicious GrantedAccess Flags on LSASS Access","Security_UserID":"S-1-5-21-3654133429-2950718773-2133640725-500","SourceCommandLine":"C:\\Windows\\SysWOW64\\wermgr.exe","SourceImage":"C:\\Windows\\SysWOW64\\wermgr.exe","SourceImageAge":"687d06h32m57s","SourceProcessId":"4864","SourceThreadId":"2884","SourceUser":"ATTACKRANGE\\Administrator","TargetImage":"C:\\Windows\\System32\\lsass.exe","TargetProcessId":"628","TargetUser":"NT AUTHORITY\\SYSTEM","Task":"0","TimeCreated_SystemTime":"2022-10-27T14:36:56.6083096Z","Timestamp":"2020-12-03T04:46:40","Version":"0","Winversion":"14393","level":"warning","msg":"Sigma match found","time":"2022-10-27T14:36:58Z"} 10341000x8000000000000000542470Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:10.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542469Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:10.264{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542468Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:10.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542467Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:10.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542466Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:10.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542465Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:10.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542464Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:10.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542463Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:10.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542462Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:10.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542461Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:10.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542460Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:10.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542459Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:10.248{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:10.232{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:10.232{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:10.232{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542398Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:09.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542397Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:09.236{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:09.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542395Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:09.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:09.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:09.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542392Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:09.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542391Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:09.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542390Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:09.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542389Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:09.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:09.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542387Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:09.220{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:09.205{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:09.205{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:09.205{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542326Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:08.210{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542324Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:08.210{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542323Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:08.210{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542293Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:08.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:08.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542269Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:08.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542268Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:08.194{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542267Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:08.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542266Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:08.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542265Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:08.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542264Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:08.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542263Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:08.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542262Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:08.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542261Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:08.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542260Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:08.179{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542255Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:07.174{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542253Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:07.174{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542252Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:07.174{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542200Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:07.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542199Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:07.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542198Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:07.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542197Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:07.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542196Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:07.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542195Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:07.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542194Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:07.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:07.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542192Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:07.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542191Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:07.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542190Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:07.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542189Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:07.159{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542185Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:06.180{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542183Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:06.164{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542182Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:06.164{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:06.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:06.148{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542128Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:06.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542127Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:06.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542126Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:06.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:06.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:06.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:06.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:06.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542121Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:06.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:06.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542119Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:06.133{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542115Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:05.150{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542113Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:05.150{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542111Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:05.150{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:05.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:05.103{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:05.088{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:05.088{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:05.088{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:05.088{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542054Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:05.088{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542053Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:05.088{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542052Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:05.088{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542051Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:05.088{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:05.088{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:05.088{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000542045Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:04.148{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:04.148{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000542042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:04.148{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:04.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:04.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:04.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:04.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:04.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:04.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:04.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:04.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:04.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541979Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:04.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:04.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541977Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:04.070{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541973Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:03.151{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:03.151{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541970Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:03.151{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541916Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:03.057{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541915Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:03.057{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541914Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:03.057{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541913Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:03.057{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541912Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:03.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:03.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:03.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:03.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:03.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:03.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:03.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:03.042{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:02.153{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541899Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:02.153{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541898Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:02.153{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541844Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:02.028{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541843Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:02.028{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541842Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:02.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541841Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:02.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541840Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:02.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541839Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:02.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541838Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:02.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541837Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:02.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541836Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:02.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541835Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:02.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541834Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:02.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541833Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:02.012{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541829Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:01.152{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541827Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:01.152{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541826Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:01.152{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541772Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:00.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541771Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:00.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541770Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:00.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541769Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:00.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541768Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:00.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541767Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:00.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541766Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:00.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541765Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:00.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541764Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:00.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541763Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:00.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541762Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:00.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541761Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:00.995{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:00.125{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541754Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:00.125{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541753Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:36:00.125{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541699Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541698Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.984{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541697Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541696Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541695Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541694Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541693Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541691Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541688Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.969{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541686Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.646{3381F800-7E83-635A-A600-000000008A02}35645224C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(00000000170F9150) 10341000x8000000000000000541684Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.630{3381F800-7E83-635A-A600-000000008A02}35645224C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(00000000170F9150) 10341000x8000000000000000541682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.580{3381F800-7E83-635A-A600-000000008A02}35645224C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(00000000170F9150) 10341000x8000000000000000541627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.130{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.130{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:59.130{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541567Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:58.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541566Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:58.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541565Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:58.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:58.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541563Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:58.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:58.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541561Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:58.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:58.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:58.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541558Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:58.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541557Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:58.958{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541556Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:58.943{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541548Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:58.112{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541546Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:58.112{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541545Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:58.112{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10300x8000000000000019936Applicationwin-dc-ctus-attack-range-487.attackrange.local{"Company":"Microsoft Corporation","Computer":"win-dc-ctus-attack-range-487","Correlation_ActivityID":"{00000000-0000-0000-0000-000000000000}","Description":"Windows Problem Reporting","DesiredAccess":"1082","EventID":"5","FileCreationDate":"2020-12-09T06:25:40","FileVersion":"10.0.14393.4104 (rs1_release.201202-1742)","GrantedAccess":"0x43a","Hashes":"MD5=931F41EAEE541F2E9071259D9D3D6409,SHA1=6F85AA74D7A0447D802DD6166353C97CA5937F2F,SHA256=34E2C1A23BDF5E1CCA13A6FEEC48771CC53196A07E70DA5672C7E11B1066C311,IMPHASH=04282AE0621917BED5ED5B241C6F586C","IsSelf":"false","Keywords":"0x0","Level":"4","Match_Strings":"3a in GrantedAccess, \\lsass.exe in TargetImage","Module":"Sigma","Opcode":"0","OriginalFileName":"WerMgr","Product":"Microsoft® Windows® Operating System","Provider_Guid":"{E02A841C-75A3-4FA7-AFC8-AE09CF9B7F23}","Provider_Name":"Microsoft-Windows-Kernel-Audit-API-Calls","ReturnCode":"3221225506","Rule_Author":"Florian Roth","Rule_Description":"Detects process access to LSASS memory with suspicious access flags","Rule_FalsePositives":"Legitimate software accessing LSASS process for legitimate reason","Rule_Id":"a18dd26b-6450-46de-8c91-9659150cf088","Rule_Level":"high","Rule_Link":"https://github.com/SigmaHQ/sigma/blob/0.22-627-g60f08bbe8/rules/windows/process_access/proc_access_win_susp_proc_access_lsass.yml","Rule_Modified":"2022/06/20","Rule_Path":"public\\windows\\process_access\\proc_access_win_susp_proc_access_lsass.yml","Rule_References":"https://docs.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights, https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843\u0026ithint=file%2cpptx\u0026app=PowerPoint\u0026authkey=!AMvCRTKB_V1J5ow, https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for_22.html, https://www.slideshare.net/heirhabarov/hunting-for-credentials-dumping-in-windows-environment, http://security-research.dyndns.org/pub/slides/FIRST2017/FIRST-2017_Tom-Ueltschi_Sysmon_FINAL_notes.pdf","Rule_Sigtype":"public","Rule_Title":"Suspicious GrantedAccess Flags on LSASS Access","Security_UserID":"S-1-5-21-3654133429-2950718773-2133640725-500","SourceCommandLine":"C:\\Windows\\SysWOW64\\wermgr.exe","SourceImage":"C:\\Windows\\SysWOW64\\wermgr.exe","SourceImageAge":"687d06h32m57s","SourceProcessId":"4864","SourceThreadId":"2884","SourceUser":"ATTACKRANGE\\Administrator","TargetImage":"C:\\Windows\\System32\\lsass.exe","TargetProcessId":"628","TargetUser":"NT AUTHORITY\\SYSTEM","Task":"0","TimeCreated_SystemTime":"2022-10-27T14:35:56.1480487Z","Timestamp":"2020-12-03T04:46:40","Version":"0","Winversion":"14393","level":"warning","msg":"Sigma match found","time":"2022-10-27T14:35:58Z"} {"Company":"Microsoft Corporation","Computer":"win-dc-ctus-attack-range-487","Correlation_ActivityID":"{00000000-0000-0000-0000-000000000000}","Description":"Windows Problem Reporting","DesiredAccess":"1082","EventID":"5","FileCreationDate":"2020-12-09T06:25:40","FileVersion":"10.0.14393.4104 (rs1_release.201202-1742)","GrantedAccess":"0x43a","Hashes":"MD5=931F41EAEE541F2E9071259D9D3D6409,SHA1=6F85AA74D7A0447D802DD6166353C97CA5937F2F,SHA256=34E2C1A23BDF5E1CCA13A6FEEC48771CC53196A07E70DA5672C7E11B1066C311,IMPHASH=04282AE0621917BED5ED5B241C6F586C","IsSelf":"false","Keywords":"0x0","Level":"4","Match_Strings":"3a in GrantedAccess, \\lsass.exe in TargetImage","Module":"Sigma","Opcode":"0","OriginalFileName":"WerMgr","Product":"Microsoft® Windows® Operating System","Provider_Guid":"{E02A841C-75A3-4FA7-AFC8-AE09CF9B7F23}","Provider_Name":"Microsoft-Windows-Kernel-Audit-API-Calls","ReturnCode":"3221225506","Rule_Author":"Florian Roth","Rule_Description":"Detects process access to LSASS memory with suspicious access flags","Rule_FalsePositives":"Legitimate software accessing LSASS process for legitimate reason","Rule_Id":"a18dd26b-6450-46de-8c91-9659150cf088","Rule_Level":"high","Rule_Link":"https://github.com/SigmaHQ/sigma/blob/0.22-627-g60f08bbe8/rules/windows/process_access/proc_access_win_susp_proc_access_lsass.yml","Rule_Modified":"2022/06/20","Rule_Path":"public\\windows\\process_access\\proc_access_win_susp_proc_access_lsass.yml","Rule_References":"https://docs.microsoft.com/en-us/windows/win32/procthread/process-security-and-access-rights, https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843\u0026ithint=file%2cpptx\u0026app=PowerPoint\u0026authkey=!AMvCRTKB_V1J5ow, https://cyberwardog.blogspot.com/2017/03/chronicles-of-threat-hunter-hunting-for_22.html, https://www.slideshare.net/heirhabarov/hunting-for-credentials-dumping-in-windows-environment, http://security-research.dyndns.org/pub/slides/FIRST2017/FIRST-2017_Tom-Ueltschi_Sysmon_FINAL_notes.pdf","Rule_Sigtype":"public","Rule_Title":"Suspicious GrantedAccess Flags on LSASS Access","Security_UserID":"S-1-5-21-3654133429-2950718773-2133640725-500","SourceCommandLine":"C:\\Windows\\SysWOW64\\wermgr.exe","SourceImage":"C:\\Windows\\SysWOW64\\wermgr.exe","SourceImageAge":"687d06h32m57s","SourceProcessId":"4864","SourceThreadId":"2884","SourceUser":"ATTACKRANGE\\Administrator","TargetImage":"C:\\Windows\\System32\\lsass.exe","TargetProcessId":"628","TargetUser":"NT AUTHORITY\\SYSTEM","Task":"0","TimeCreated_SystemTime":"2022-10-27T14:35:56.1480487Z","Timestamp":"2020-12-03T04:46:40","Version":"0","Winversion":"14393","level":"warning","msg":"Sigma match found","time":"2022-10-27T14:35:58Z"} 10341000x8000000000000000541491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:57.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541490Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:57.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541489Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:57.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541488Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:57.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:57.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541486Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:57.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:57.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:57.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541483Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:57.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541482Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:57.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541481Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:57.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541480Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:57.925{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541474Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:57.103{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541472Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:57.103{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541471Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:57.103{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:56.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541418Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:56.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:56.916{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541416Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:56.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541415Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:56.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541414Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:56.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:56.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541412Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:56.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:56.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:56.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:56.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541408Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:56.900{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541396Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:56.124{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541394Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:56.123{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:56.123{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541322Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:55.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:55.895{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541320Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:55.891{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541319Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:55.891{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541318Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:55.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541317Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:55.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541316Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:55.889{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:55.887{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541314Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:55.885{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:55.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:55.884{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:55.882{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:55.099{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:55.099{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:55.099{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541248Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:54.865{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541247Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:54.865{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:54.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541245Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:54.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:54.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:54.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:54.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:54.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:54.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:54.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:54.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:54.849{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:54.096{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:54.096{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:54.096{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541176Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:53.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541175Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:53.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:53.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:53.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:53.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:53.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:53.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:53.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:53.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:53.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:53.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:53.830{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:53.095{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541159Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:53.095{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:53.095{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541104Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:52.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:52.814{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:52.798{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:52.798{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:52.798{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:52.798{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:52.798{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:52.798{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:52.798{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:52.798{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:52.798{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:52.798{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541089Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:52.107{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:52.107{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541086Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:52.107{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:51.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:51.795{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:51.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:51.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:51.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:51.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:51.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:51.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:51.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:51.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:51.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:51.779{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000541017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:51.107{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541015Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:51.107{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000541014Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:51.107{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:50.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:50.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:50.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:50.763{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:50.748{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:50.748{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:50.748{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:50.748{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:50.748{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:50.748{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:50.748{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:50.748{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540944Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:50.097{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540942Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:50.097{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540941Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:50.097{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:49.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:49.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:49.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:49.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:49.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:49.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:49.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:49.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:49.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:49.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:49.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:49.722{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540872Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:49.100{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540870Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:49.099{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540869Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:49.099{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:48.700{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:48.700{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:48.700{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:48.700{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:48.700{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:48.700{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:48.700{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:48.700{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:48.700{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:48.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:48.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:48.685{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540800Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:48.086{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540798Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:48.086{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540797Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:48.086{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:47.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:47.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:47.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:47.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:47.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:47.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:47.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:47.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:47.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540734Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:47.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540733Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:47.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540732Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:47.673{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:47.072{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540726Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:47.072{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540725Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:47.072{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:46.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:46.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:46.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:46.648{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:46.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:46.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:46.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:46.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:46.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:46.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:46.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540660Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:46.632{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:46.074{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540654Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:46.074{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540653Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:46.074{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540601Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:45.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:45.622{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:45.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:45.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:45.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:45.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:45.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:45.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:45.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:45.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:45.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:45.605{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:45.075{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:45.075{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:45.075{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:44.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:44.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:44.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:44.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:44.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:44.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:44.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:44.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:44.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:44.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540516Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:44.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:44.564{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:44.065{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:44.065{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:44.065{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:43.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:43.555{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:43.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:43.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:43.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:43.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:43.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:43.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:43.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:43.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:43.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:43.540{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540438Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:43.057{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540437Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:43.057{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540436Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:43.057{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:42.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:42.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:42.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:42.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:42.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:42.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:42.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:42.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:42.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:42.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:42.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:42.516{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:42.054{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:42.054{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:42.054{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:41.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:41.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:41.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:41.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540301Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:41.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:41.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540299Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:41.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:41.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:41.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540296Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:41.497{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540295Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:41.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540294Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:41.482{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540292Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:41.045{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540290Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:41.045{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540289Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:41.045{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:40.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:40.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:40.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:40.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540231Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:40.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:40.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:40.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:40.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:40.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:40.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:40.450{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:40.435{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:40.045{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:40.045{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:40.045{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.691{3381F800-7E83-635A-A600-000000008A02}35645836C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000017C04F10) 10341000x8000000000000000540162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.683{3381F800-7E83-635A-A600-000000008A02}35645836C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000017C04F10) 10341000x8000000000000000540160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.671{3381F800-7E83-635A-A600-000000008A02}35645836C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000017C04F10) 10341000x8000000000000000540144Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.429{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540143Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.429{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540141Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540140Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540139Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540138Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540136Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540135Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540134Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540133Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.414{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540125Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.043{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.043{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540122Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:39.043{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540066Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:38.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:38.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540064Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:38.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540063Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:38.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540062Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:38.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540061Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:38.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540060Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:38.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540059Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:38.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:38.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540057Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:38.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540056Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:38.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540055Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:38.395{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000540050Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:38.039{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540048Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:38.039{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000540047Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:38.039{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539991Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:37.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539990Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:37.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539989Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:37.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539988Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:37.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539987Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:37.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:37.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539985Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:37.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539984Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:37.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539983Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:37.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539982Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:37.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539981Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:37.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539980Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:37.375{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539978Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:37.034{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539976Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:37.034{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539975Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:37.034{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539911Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:36.363{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539910Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:36.363{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539909Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:36.358{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539908Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:36.357{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539907Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:36.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539906Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:36.354{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539905Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:36.353{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539904Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:36.353{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539903Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:36.352{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539902Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:36.351{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539901Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:36.349{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539900Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:36.348{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:36.040{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:36.039{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:36.039{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539820Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:35.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:35.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:35.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:35.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:35.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:35.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:35.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:35.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:35.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:35.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:35.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:35.322{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:35.029{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:35.029{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:35.029{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539748Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:34.318{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539747Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:34.318{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539746Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:34.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539745Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:34.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539744Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:34.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539743Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:34.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539742Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:34.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539741Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:34.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539740Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:34.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539739Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:34.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:34.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539737Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:34.303{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539731Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:34.023{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539729Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:34.023{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539728Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:34.023{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:33.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539671Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:33.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:33.275{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539669Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:33.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:33.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539667Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:33.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:33.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539665Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:33.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539664Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:33.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539663Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:33.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539662Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:33.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539661Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:33.259{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539659Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:33.023{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539657Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:33.023{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539656Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:33.023{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539600Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:32.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539599Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:32.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539598Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:32.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539597Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:32.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:32.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539595Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:32.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539594Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:32.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539593Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:32.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539592Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:32.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539591Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:32.225{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539590Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:32.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:32.209{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:32.006{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:32.006{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:32.006{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539528Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:31.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539527Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:31.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539526Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:31.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539525Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:31.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539524Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:31.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539523Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:31.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539522Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:31.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539521Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:31.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539520Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:31.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539519Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:31.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539518Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:31.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:31.193{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539515Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:31.006{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539513Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:31.006{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539512Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:31.006{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539458Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:30.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539457Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:30.176{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539456Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:30.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539455Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:30.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:30.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:30.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:30.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:30.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:30.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:30.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:30.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:30.161{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539442Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:30.005{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539441Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:30.005{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539440Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:30.005{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539384Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:29.138{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539383Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:29.138{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539382Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:29.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539381Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:29.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539380Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:29.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539379Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:29.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539378Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:29.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:29.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539376Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:29.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539375Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:29.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539374Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:29.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539373Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:29.122{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:28.997{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:28.997{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:28.997{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539313Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:28.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539312Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:28.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539311Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:28.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539310Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:28.113{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539309Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:28.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539308Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:28.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539307Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:28.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539306Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:28.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539305Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:28.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539304Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:28.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539303Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:28.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539302Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:28.097{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539300Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:27.972{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539298Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:27.972{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539297Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:27.972{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539243Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:27.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539242Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:27.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539241Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:27.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539240Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:27.092{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:27.077{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:27.077{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539237Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:27.077{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:27.077{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539235Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:27.077{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539234Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:27.077{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:27.077{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539232Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:27.077{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539230Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:26.983{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:26.983{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:26.983{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539173Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:26.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:26.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539171Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:26.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539170Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:26.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539169Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:26.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539168Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:26.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:26.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539166Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:26.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539165Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:26.061{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539164Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:26.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539163Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:26.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539162Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:26.045{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539160Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:25.983{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539158Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:25.983{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539157Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:25.983{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539103Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:25.034{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539102Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:25.034{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539101Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:25.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539100Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:25.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539099Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:25.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:25.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539097Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:25.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539096Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:25.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539095Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:25.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539094Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:25.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539093Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:25.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539092Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:25.018{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539090Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:24.956{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539088Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:24.956{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539087Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:24.956{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:24.006{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:23.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:23.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:23.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539028Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:23.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539027Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:23.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539026Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:23.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:23.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539024Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:23.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:23.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:23.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:23.990{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000539019Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:23.943{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539017Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:23.943{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000539016Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:23.943{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:22.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:22.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:22.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:22.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:22.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538956Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:22.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538955Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:22.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538954Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:22.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538953Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:22.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538952Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:22.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538951Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:22.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538950Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:22.972{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538948Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:22.925{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:22.925{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538945Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:22.925{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:21.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:21.945{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:21.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:21.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:21.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:21.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:21.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538882Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:21.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538881Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:21.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538880Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:21.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538879Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:21.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:21.929{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538877Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:21.914{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538874Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:21.914{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538873Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:21.914{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538819Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:20.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:20.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538817Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:20.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538816Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:20.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538815Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:20.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538814Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:20.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538813Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:20.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:20.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:20.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:20.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:20.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:20.911{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:20.895{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:20.895{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:20.895{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538738Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.909{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538736Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.909{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538735Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.909{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538683Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.894{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538682Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.894{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538681Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538680Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538679Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538677Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538676Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538675Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538674Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538673Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538672Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.878{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538670Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.604{3381F800-7E83-635A-A600-000000008A02}35643868C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000013038610) 10341000x8000000000000000538668Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.593{3381F800-7E83-635A-A600-000000008A02}35643868C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000013038610) 10341000x8000000000000000538666Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:19.578{3381F800-7E83-635A-A600-000000008A02}35643868C:\Program Files\Aurora-Agent\aurora-agent.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\System32\KERNELBASE.dll+c6b98(wow64)|C:\Program Files\Aurora-Agent\aurora-agent.exe+6a255|UNKNOWN(0000000013038610) 10341000x8000000000000000538644Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:18.898{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538642Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:18.898{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538641Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:18.898{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538589Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:18.851{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538588Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:18.851{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538587Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:18.851{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538586Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:18.851{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538585Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:18.851{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538584Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:18.851{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538583Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:18.851{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538582Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:18.851{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538581Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:18.851{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538580Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:18.851{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538579Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:18.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538578Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:18.835{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538511Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:17.868{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:17.868{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538508Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:17.868{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538454Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:17.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538453Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:17.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538452Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:17.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538451Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:17.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538450Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:17.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538449Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:17.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538448Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:17.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538447Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:17.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538446Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:17.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538445Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:17.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538444Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:17.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:17.805{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:16.859{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:16.859{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:16.859{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538372Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:16.793{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538371Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:16.793{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538370Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:16.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538369Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:16.791{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538368Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:16.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538367Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:16.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:16.787{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538365Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:16.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538364Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:16.786{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538363Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:16.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538362Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:16.785{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538361Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:16.783{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538286Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:15.848{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:15.847{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:15.847{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538228Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:15.748{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538227Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538226Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538223Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538222Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538220Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538218Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538217Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:15.733{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538132Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:14.858{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538130Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:14.858{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538129Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:14.858{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538040Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:14.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538039Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:14.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538038Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:14.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538037Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:14.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538036Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:14.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538035Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:14.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538034Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:14.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:14.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:14.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:14.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538030Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:14.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538029Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:14.717{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000538025Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:13.844{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:13.844{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000538022Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:13.844{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537968Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:13.703{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:13.703{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537966Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:13.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537965Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:13.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537964Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:13.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537963Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:13.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537962Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:13.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537961Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:13.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537960Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:13.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537959Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:13.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537958Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:13.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537957Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:13.688{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537949Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:12.837{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537947Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:12.837{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537946Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:12.837{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537894Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:12.665{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537893Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:12.665{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537892Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:12.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537891Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:12.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537890Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:12.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537889Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:12.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537888Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:12.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537887Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:12.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537886Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:12.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537885Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:12.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537884Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:12.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537883Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:12.649{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537878Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:11.839{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537876Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:11.839{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537875Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:11.839{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537812Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:11.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537811Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:11.636{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:11.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537809Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:11.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537808Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:11.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537807Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:11.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537806Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:11.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537805Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:11.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537804Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:11.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537803Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:11.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537802Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:11.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537801Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:11.620{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537692Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:10.829{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537690Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:10.829{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537689Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:10.829{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537630Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:10.606{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537629Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:10.606{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537628Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:10.606{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537627Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:10.606{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537626Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:10.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537625Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:10.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537624Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:10.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537623Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:10.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537622Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:10.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537621Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:10.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537620Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:10.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537619Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:10.590{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 354300x8000000000000000537564Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:07.276{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-ctus-attack-range-487.attackrange.local58058-false181.164.194.228228-194-164-181.fibertel.com.ar443https 10341000x8000000000000000537562Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:09.812{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537560Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:09.812{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537559Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:09.812{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537505Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:09.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:09.547{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537503Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:09.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537502Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:09.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537501Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:09.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:09.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537499Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:09.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537498Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:09.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:09.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537496Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:09.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537495Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:09.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537494Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:09.531{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 13241300x8000000000000000537493Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-SetValue2022-10-27 14:35:09.061{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeHKU\S-1-5-21-3654133429-2950718773-2133640725-500\SOFTWARE\Microsoft\Eshorkcy\c0932c1cBinary Data 13241300x8000000000000000537492Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-SetValue2022-10-27 14:35:09.061{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeHKU\S-1-5-21-3654133429-2950718773-2133640725-500\SOFTWARE\Microsoft\Eshorkcy\bd9b6396Binary Data 13241300x8000000000000000537491Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-SetValue2022-10-27 14:35:09.061{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeHKU\S-1-5-21-3654133429-2950718773-2133640725-500\SOFTWARE\Microsoft\Eshorkcy\af2ecc78Binary Data 10341000x8000000000000000537487Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:08.796{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537485Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:08.796{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537484Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:08.796{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:08.514{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537429Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:08.514{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537428Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:08.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537427Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:08.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537426Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:08.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:08.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537424Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:08.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537423Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:08.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537422Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:08.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537421Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:08.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537420Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:08.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537419Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:08.499{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 13241300x8000000000000000537417Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-SetValue2022-10-27 14:35:08.245{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exeHKU\S-1-5-21-3654133429-2950718773-2133640725-500\SOFTWARE\Microsoft\Eshorkcy\1da9cca8Binary Data 10341000x8000000000000000537413Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:07.785{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:07.785{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537410Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:07.785{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537356Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:07.488{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537355Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:07.488{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537354Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:07.472{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537353Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:07.472{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\system32\taskmgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537352Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:07.472{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537351Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:07.472{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537350Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:07.472{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537349Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:07.472{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537348Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:07.472{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E85-635A-AA00-000000008A02}4216C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537347Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:07.472{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\Explorer.EXE0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537346Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:07.472{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537345Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:07.472{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537341Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:06.771{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537339Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:06.771{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-8D6E-635A-E505-000000008A02}6380C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537338Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:06.771{3381F800-8085-635A-2701-000000008A02}55726548C:\Windows\system32\taskmgr.exe{3381F800-807D-635A-1601-000000008A02}4340C:\Windows\SysWOW64\wermgr.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\KERNELBASE.dll+2c44d|C:\Windows\system32\taskmgr.exe+b3bc|C:\Windows\system32\taskmgr.exe+3a6d0|C:\Windows\system32\taskmgr.exe+51c71|C:\Windows\system32\taskmgr.exe+14fc5|C:\Windows\system32\taskmgr.exe+2cdd3|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51791 10341000x8000000000000000537283Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:06.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537282Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:35:06.443{3381F800-807D-635A-1601-000000008A02}4340916C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6154|C:\Windows\System32\wow64.dll+124f4|C:\Windows\System32\wow64.dll+6e75|C:\Windows\System32\wow64cpu.dll+1d07|C:\Windows\System32\wow64.dll+1bf87|C:\Windows\System32\wow64.dll+cba0|C:\Windows\SYSTEM32\ntdll.dll+783e0|C:\Windows\SYSTEM32\ntdll.dll+77fae|C:\Windows\SYSTEM32\ntdll.dll+6ecfc(wow64)|C:\Windows\SYSTEM32\ntdll.dll+a9a1c(wow64)|C:\Windows\System32\KERNEL32.DLL+33dd3(wow64)|C:\Windows\System32\KERNEL32.DLL+2b6b1(wow64)|UNKNOWN(000000000063BC4B)|UNKNOWN(000000000063F65A)|UNKNOWN(000000000063BD57)|UNKNOWN(000000000063F6BC)|UNKNOWN(0000000000635A4F)|UNKNOWN(000000000063A51F)|C:\Windows\System32\KERNEL32.DLL+162c4(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b69(wow64)|C:\Windows\SYSTEM32\ntdll.dll+61b34(wow64) 10341000x8000000000000000537281Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local