824800x80000000000000001054678Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 08:59:23.635{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-99EA-635B-D403-000000008B02}980C:\Program Files\Mozilla Firefox\firefox.exe7760x0000000000500000-- 824800x80000000000000001052174Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 08:58:28.129{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-99B3-635B-CC03-000000008B02}6984C:\Program Files\Mozilla Firefox\firefox.exe28360x0000000000880000-- 824800x80000000000000001052161Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 08:58:28.113{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-99B3-635B-CB03-000000008B02}5912C:\Program Files\Mozilla Firefox\firefox.exe28600x0000000000D10000-- 824800x80000000000000001052148Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 08:58:28.084{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-99B3-635B-CA03-000000008B02}4384C:\Program Files\Mozilla Firefox\firefox.exe43000x0000000000CF0000-- 824800x80000000000000001049443Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 08:57:33.770{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-997C-635B-C203-000000008B02}3836C:\Program Files\Mozilla Firefox\firefox.exe69520x0000000000490000-- 824800x80000000000000001048284Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 08:57:20.585{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-9970-635B-C103-000000008B02}7072C:\Program Files\Mozilla Firefox\firefox.exe50920x00000000012A0000-- 824800x80000000000000001047504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 08:57:14.486{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-9969-635B-B903-000000008B02}3932C:\Program Files\Mozilla Firefox\firefox.exe70280x00000000006E0000-- 824800x80000000000000001047021Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 08:57:09.399{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-9964-635B-B803-000000008B02}4720C:\Program Files\Mozilla Firefox\firefox.exe37640x0000000001120000-- 824800x80000000000000001046616Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 08:57:03.291{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-995E-635B-B703-000000008B02}5988C:\Program Files\Mozilla Firefox\firefox.exe47240x00000000006C0000-- 824800x80000000000000001046315Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 08:56:59.194{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-995A-635B-B603-000000008B02}1688C:\Program Files\Mozilla Firefox\firefox.exe69840x00000000005B0000-- 824800x80000000000000001042244Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 08:55:29.026{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-9900-635B-AE03-000000008B02}4896C:\Program Files\Mozilla Firefox\firefox.exe64720x0000000000BC0000-- 824800x80000000000000001040407Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 08:54:56.526{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-98DF-635B-A603-000000008B02}4444C:\Program Files\Mozilla Firefox\firefox.exe51760x0000000000B90000-- 824800x80000000000000001039238Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 08:54:32.084{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-98C7-635B-A403-000000008B02}7036C:\Program Files\Mozilla Firefox\firefox.exe28640x0000000000AB0000-- 824800x80000000000000001039074Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 08:54:31.042{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-98C6-635B-A303-000000008B02}4208C:\Program Files\Mozilla Firefox\firefox.exe70120x0000000001010000-- 824800x80000000000000001037377Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 08:53:57.444{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-98A4-635B-9B03-000000008B02}4408C:\Program Files\Mozilla Firefox\firefox.exe43520x0000000001370000-- 824800x80000000000000001036925Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 08:53:52.364{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-989F-635B-9A03-000000008B02}5236C:\Program Files\Mozilla Firefox\firefox.exe12000x0000000001360000-- 824800x8000000000000000910430Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:56:15.259{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8B1F-635B-FF01-000000008B02}4724C:\Windows\System32\InstallAgent.exe52320x0000000000DD0000-- 824800x8000000000000000905042Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:55.250{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A93-635B-ED01-000000008B02}6256C:\Program Files\Mozilla Firefox\firefox.exe29800x0000000000BF0000-- 824800x8000000000000000905033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:55.230{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A93-635B-EC01-000000008B02}6252C:\Program Files\Mozilla Firefox\firefox.exe26920x0000000001150000-- 824800x8000000000000000904652Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:54.197{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A91-635B-EB01-000000008B02}6964C:\Program Files\Mozilla Firefox\firefox.exe60440x00000000007D0000-- 824800x8000000000000000904639Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:54.177{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A91-635B-EA01-000000008B02}6956C:\Program Files\Mozilla Firefox\firefox.exe62000x0000000000B80000-- 824800x8000000000000000904216Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:53.142{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A90-635B-E901-000000008B02}6752C:\Program Files\Mozilla Firefox\firefox.exe68640x0000000001310000-- 824800x8000000000000000904193Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:53.119{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A90-635B-E801-000000008B02}6740C:\Program Files\Mozilla Firefox\firefox.exe68600x0000000000EC0000-- 824800x8000000000000000903810Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:52.082{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A8F-635B-E701-000000008B02}6556C:\Program Files\Mozilla Firefox\firefox.exe66240x0000000000870000-- 824800x8000000000000000903509Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:50.045{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A8D-635B-E601-000000008B02}6332C:\Program Files\Mozilla Firefox\firefox.exe64600x0000000000860000-- 824800x8000000000000000903058Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:38.885{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A81-635B-E501-000000008B02}764C:\Program Files\Mozilla Firefox\firefox.exe62120x0000000000DF0000-- 824800x8000000000000000902409Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:27.693{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A77-635B-E401-000000008B02}5816C:\Program Files\Mozilla Firefox\firefox.exe54720x00000000011C0000-- 824800x8000000000000000902385Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:27.674{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A77-635B-E301-000000008B02}4376C:\Program Files\Mozilla Firefox\firefox.exe38240x00000000005B0000-- 824800x8000000000000000902366Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:27.652{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A77-635B-E201-000000008B02}4288C:\Program Files\Mozilla Firefox\firefox.exe61080x00000000011D0000-- 824800x8000000000000000902357Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:27.636{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A76-635B-E101-000000008B02}4712C:\Program Files\Mozilla Firefox\firefox.exe24280x0000000000A40000-- 824800x8000000000000000901603Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:26.605{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A76-635B-E001-000000008B02}2388C:\Program Files\Mozilla Firefox\firefox.exe44320x0000000000AC0000-- 824800x8000000000000000901596Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:26.583{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A75-635B-DF01-000000008B02}6000C:\Program Files\Mozilla Firefox\firefox.exe9080x0000000000790000-- 824800x8000000000000000901547Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:26.558{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A75-635B-DE01-000000008B02}5932C:\Program Files\Mozilla Firefox\firefox.exe46720x0000000001130000-- 824800x8000000000000000901049Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:24.523{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A73-635B-DD01-000000008B02}5832C:\Program Files\Mozilla Firefox\firefox.exe58240x00000000006C0000-- 824800x8000000000000000901032Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:53:24.503{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A73-635B-DC01-000000008B02}4900C:\Program Files\Mozilla Firefox\firefox.exe51720x00000000007E0000-- 824800x8000000000000000899206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:52:15.925{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A2F-635B-CF01-000000008B02}5840C:\Windows\SysWOW64\dllhost.exe45240x0000000000C50000-- 824800x8000000000000000898500Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:51:44.179{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A0F-635B-CB01-000000008B02}5168C:\Windows\System32\Taskmgr.exe44360x0000000000A30000-- 824800x8000000000000000897722Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:51:33.943{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A05-635B-C901-000000008B02}6076C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe60960x00000000012B0000-- 824800x8000000000000000897331Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:51:32.919{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A04-635B-C501-000000008B02}5928C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe59360x0000000000C80000-- 824800x8000000000000000897188Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:51:31.893{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A01-635B-C101-000000008B02}5528C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe58560x00000000005B0000-- 824800x8000000000000000897172Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:51:31.873{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A01-635B-C001-000000008B02}5484C:\Windows\System32\conhost.exe58520x0000000000BF0000-- 824800x8000000000000000897167Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:51:31.857{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-8A01-635B-BF01-000000008B02}5476C:\Windows\System32\cmd.exe58480x0000000000C00000-- 824800x8000000000000000897155Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:51:31.816{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-89F5-635B-B701-000000008B02}4536C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe58400x0000000001280000-- 824800x8000000000000000897137Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:51:31.794{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-89F3-635B-B301-000000008B02}4928C:\Windows\explorer.exe58320x0000000002F20000-- 824800x8000000000000000897124Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:51:31.778{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-89F2-635B-AF01-000000008B02}4760C:\Windows\System32\userinit.exe58240x0000000001220000-- 824800x8000000000000000897109Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:51:31.760{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-89F2-635B-A901-000000008B02}4336C:\Windows\System32\taskhostw.exe58160x0000000000E70000-- 824800x8000000000000000897098Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:51:31.740{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-89F2-635B-A701-000000008B02}4272C:\Windows\System32\svchost.exe58120x0000000000760000-- 824800x8000000000000000897085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:51:31.717{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-89F2-635B-A601-000000008B02}4264C:\Windows\System32\sihost.exe58000x0000000001120000-- 824800x8000000000000000897072Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:51:31.698{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-89F2-635B-A501-000000008B02}4188C:\Windows\System32\RuntimeBroker.exe57920x0000000000540000-- 824800x8000000000000000897065Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-28 07:51:31.682{3381F800-8A03-635B-C401-000000008B02}5716C:\Windows\SysWOW64\wermgr.exe{3381F800-89F2-635B-A401-000000008B02}4164C:\Windows\System32\rdpclip.exe57880x0000000001070000-- 824800x8000000000000000569224Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:41:02.530{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-987D-635A-4707-000000008A02}2084C:\Program Files\Mozilla Firefox\firefox.exe35560x0000000000D10000-- 824800x8000000000000000568425Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:40:58.446{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-987A-635A-4607-000000008A02}364C:\Program Files\Mozilla Firefox\firefox.exe52560x0000000000690000-- 824800x8000000000000000567530Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:40:53.343{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-9874-635A-4507-000000008A02}4924C:\Program Files\Mozilla Firefox\firefox.exe39920x0000000000AF0000-- 824800x8000000000000000567517Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:40:53.320{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-9874-635A-4407-000000008A02}3176C:\Program Files\Mozilla Firefox\firefox.exe68440x0000000000AD0000-- 824800x8000000000000000567504Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:40:53.300{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-9874-635A-4307-000000008A02}3248C:\Program Files\Mozilla Firefox\firefox.exe59480x0000000000990000-- 824800x8000000000000000566818Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:40:52.258{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-9873-635A-4207-000000008A02}2216C:\Program Files\Mozilla Firefox\firefox.exe55680x0000000000B10000-- 824800x8000000000000000566411Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:40:51.219{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-9873-635A-4107-000000008A02}4748C:\Program Files\Mozilla Firefox\firefox.exe34120x0000000000E30000-- 824800x8000000000000000566393Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:40:51.199{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-9872-635A-4007-000000008A02}6456C:\Program Files\Mozilla Firefox\firefox.exe55160x0000000000780000-- 824800x8000000000000000566388Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:40:51.185{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-9872-635A-3F07-000000008A02}1356C:\Program Files\Mozilla Firefox\firefox.exe64840x0000000000B50000-- 824800x8000000000000000565760Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:40:50.141{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-9872-635A-3E07-000000008A02}3404C:\Program Files\Mozilla Firefox\firefox.exe64800x0000000000830000-- 824800x8000000000000000565756Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:40:50.125{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-9871-635A-3D07-000000008A02}3180C:\Program Files\Mozilla Firefox\firefox.exe4760x0000000000770000-- 824800x8000000000000000565335Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:40:48.047{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-986F-635A-3C07-000000008A02}2744C:\Program Files\Mozilla Firefox\firefox.exe1840x00000000004A0000-- 824800x8000000000000000565321Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 14:40:48.032{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-986F-635A-3B07-000000008A02}5184C:\Program Files\Mozilla Firefox\firefox.exe43200x0000000001020000-- 824800x8000000000000000362239Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:59:12.474{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\System32\dllhost.exe1080x0000000000700000-- 824800x8000000000000000362236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:59:12.443{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-8E38-635A-0306-000000008A02}1160C:\Windows\System32\taskhostw.exe63040x00000000009A0000-- 824800x8000000000000000362233Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:59:12.427{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\System32\Taskmgr.exe49640x0000000000C20000-- 824800x8000000000000000362229Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:59:12.412{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\System32\conhost.exe52160x0000000000BD0000-- 824800x8000000000000000362225Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:59:12.396{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\System32\cmd.exe49280x00000000011B0000-- 824800x8000000000000000362221Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:59:12.380{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe66880x0000000000C40000-- 824800x8000000000000000362219Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:59:12.349{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe43520x00000000008C0000-- 824800x8000000000000000362215Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:59:12.334{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\explorer.exe19240x0000000002D00000-- 824800x8000000000000000362209Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:59:12.302{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\System32\svchost.exe45680x0000000000840000-- 824800x8000000000000000362206Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:59:12.287{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8D00-000000008A02}324C:\Windows\System32\sihost.exe49160x00000000005B0000-- 824800x8000000000000000362123Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:59:12.255{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8C00-000000008A02}640C:\Windows\System32\RuntimeBroker.exe55000x00000000008F0000-- 824800x8000000000000000362120Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:59:12.236{3381F800-8EB0-635A-1306-000000008A02}4864C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe60520x0000000000760000-- 824800x8000000000000000356270Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:58:00.379{3381F800-8DEC-635A-F705-000000008A02}6648C:\Windows\SysWOW64\wermgr.exe{3381F800-8E68-635A-0A06-000000008A02}5984C:\Windows\System32\dllhost.exe25360x00000000002C0000-- 824800x8000000000000000352497Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:57:13.345{3381F800-8DEC-635A-F705-000000008A02}6648C:\Windows\SysWOW64\wermgr.exe{3381F800-8E38-635A-0306-000000008A02}1160C:\Windows\System32\taskhostw.exe42320x0000000000560000-- 824800x8000000000000000352246Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:57:12.323{3381F800-8DEC-635A-F705-000000008A02}6648C:\Windows\SysWOW64\wermgr.exe{3381F800-8E38-635A-0206-000000008A02}4824C:\Windows\System32\conhost.exe54160x0000000000AF0000-- 824800x8000000000000000352236Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:57:12.312{3381F800-8DEC-635A-F705-000000008A02}6648C:\Windows\SysWOW64\wermgr.exe{3381F800-8E38-635A-0106-000000008A02}4100C:\Windows\SysWOW64\esentutl.exe39280x0000000008550000-- 824800x8000000000000000346085Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:55:56.695{3381F800-8DEC-635A-F705-000000008A02}6648C:\Windows\SysWOW64\wermgr.exe{3381F800-8085-635A-2701-000000008A02}5572C:\Windows\System32\Taskmgr.exe43120x00000000007E0000-- 824800x8000000000000000346069Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:55:56.679{3381F800-8DEC-635A-F705-000000008A02}6648C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FC00-000000008A02}4308C:\Windows\System32\conhost.exe56520x0000000000790000-- 824800x8000000000000000346043Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:55:56.664{3381F800-8DEC-635A-F705-000000008A02}6648C:\Windows\SysWOW64\wermgr.exe{3381F800-7FF4-635A-FB00-000000008A02}3524C:\Windows\System32\cmd.exe20200x0000000000D70000-- 824800x8000000000000000346033Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:55:56.648{3381F800-8DEC-635A-F705-000000008A02}6648C:\Windows\SysWOW64\wermgr.exe{3381F800-7F84-635A-E900-000000008A02}1612C:\Program Files\Notepad++\notepad++.exe15760x0000000000800000-- 824800x8000000000000000346031Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:55:56.633{3381F800-8DEC-635A-F705-000000008A02}6648C:\Windows\SysWOW64\wermgr.exe{3381F800-7E86-635A-AD00-000000008A02}5308C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe66800x0000000000480000-- 824800x8000000000000000346023Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:55:56.617{3381F800-8DEC-635A-F705-000000008A02}6648C:\Windows\SysWOW64\wermgr.exe{3381F800-7E75-635A-9600-000000008A02}4408C:\Windows\explorer.exe27320x0000000000B00000-- 824800x8000000000000000346008Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:55:56.601{3381F800-8DEC-635A-F705-000000008A02}6648C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8F00-000000008A02}1120C:\Windows\System32\taskhostw.exe59200x0000000000360000-- 824800x8000000000000000345999Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:55:56.586{3381F800-8DEC-635A-F705-000000008A02}6648C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8E00-000000008A02}944C:\Windows\System32\svchost.exe5920x0000000000400000-- 824800x8000000000000000345986Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:55:56.570{3381F800-8DEC-635A-F705-000000008A02}6648C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8D00-000000008A02}324C:\Windows\System32\sihost.exe7040x0000000000170000-- 824800x8000000000000000345971Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:55:56.554{3381F800-8DEC-635A-F705-000000008A02}6648C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8C00-000000008A02}640C:\Windows\System32\RuntimeBroker.exe44480x00000000004B0000-- 824800x8000000000000000345967Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:55:56.539{3381F800-8DEC-635A-F705-000000008A02}6648C:\Windows\SysWOW64\wermgr.exe{3381F800-7E73-635A-8B00-000000008A02}508C:\Windows\System32\rdpclip.exe63720x0000000000320000-- 824800x8000000000000000341553Microsoft-Windows-Sysmon/Operationalwin-dc-ctus-attack-range-487.attackrange.local-2022-10-27 13:55:01.889{3381F800-8DB4-635A-ED05-000000008A02}6868C:\Windows\SysWOW64\wermgr.exe{3381F800-8DB5-635A-EE05-000000008A02}3188C:\Windows\System32\PING.EXE2240x0000000000850000--