11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640373 Keywords=None Message=Completed invocation of ScriptBlock ID: f0ab721f-abd8-4faf-b281-80216d449ecd Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640372 Keywords=None Message=Started invocation of ScriptBlock ID: f0ab721f-abd8-4faf-b281-80216d449ecd Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640371 Keywords=None Message=Completed invocation of ScriptBlock ID: ecab0ec7-1f24-478d-9cb0-d6afb2fc9f9d Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640370 Keywords=None Message=Started invocation of ScriptBlock ID: ecab0ec7-1f24-478d-9cb0-d6afb2fc9f9d Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640369 Keywords=None Message=Started invocation of ScriptBlock ID: 20a3ba31-512f-4c5c-bc2c-4d5c687ac43e Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640368 Keywords=None Message=Completed invocation of ScriptBlock ID: 17d781e7-b5d3-4612-977f-d3e4aa23b722 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640367 Keywords=None Message=Completed invocation of ScriptBlock ID: 9f2a1aeb-cc77-4d3b-98f5-7b1a9c9bf32d Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640366 Keywords=None Message=Started invocation of ScriptBlock ID: 9f2a1aeb-cc77-4d3b-98f5-7b1a9c9bf32d Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640365 Keywords=None Message=Started invocation of ScriptBlock ID: 17d781e7-b5d3-4612-977f-d3e4aa23b722 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=640364 Keywords=None Message=Creating Scriptblock text (1 of 1): prompt ScriptBlock ID: 17d781e7-b5d3-4612-977f-d3e4aa23b722 Path: 11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=40962 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=PowerShell Console Startup OpCode=Stop RecordNumber=640363 Keywords=None Message=PowerShell console is ready for user input 11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640362 Keywords=None Message=Completed invocation of ScriptBlock ID: 73896ce1-f93e-47a7-90ce-c57ed146277a Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640361 Keywords=None Message=Started invocation of ScriptBlock ID: 73896ce1-f93e-47a7-90ce-c57ed146277a Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640360 Keywords=None Message=Completed invocation of ScriptBlock ID: ba6a674c-f9ae-4af1-92c0-a8187005328d Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640359 Keywords=None Message=Started invocation of ScriptBlock ID: ba6a674c-f9ae-4af1-92c0-a8187005328d Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=53504 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=PowerShell Named Pipe IPC OpCode=Open (async) RecordNumber=640358 Keywords=None Message=Windows PowerShell has started an IPC listening thread on process: 2248 in AppDomain: DefaultAppDomain. 11/18/2021 09:17:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=40961 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=PowerShell Console Startup OpCode=Start RecordNumber=640357 Keywords=None Message=PowerShell console is starting up 11/18/2021 09:17:19 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640385 Keywords=None Message=Started invocation of ScriptBlock ID: 20a3ba31-512f-4c5c-bc2c-4d5c687ac43e Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:19 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640384 Keywords=None Message=Completed invocation of ScriptBlock ID: 3f8bf7f7-cab2-4cfd-9c0f-92ffa583a33f Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:19 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640383 Keywords=None Message=Completed invocation of ScriptBlock ID: 9f2a1aeb-cc77-4d3b-98f5-7b1a9c9bf32d Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:19 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640382 Keywords=None Message=Started invocation of ScriptBlock ID: 9f2a1aeb-cc77-4d3b-98f5-7b1a9c9bf32d Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:19 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640381 Keywords=None Message=Started invocation of ScriptBlock ID: 3f8bf7f7-cab2-4cfd-9c0f-92ffa583a33f Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:19 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=640380 Keywords=None Message=Creating Scriptblock text (1 of 1): prompt ScriptBlock ID: 3f8bf7f7-cab2-4cfd-9c0f-92ffa583a33f Path: 11/18/2021 09:17:19 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640379 Keywords=None Message=Completed invocation of ScriptBlock ID: 29ed5bb0-ab3f-4fbe-b613-411c189b9361 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:19 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640378 Keywords=None Message=Started invocation of ScriptBlock ID: 29ed5bb0-ab3f-4fbe-b613-411c189b9361 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:19 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640377 Keywords=None Message=Completed invocation of ScriptBlock ID: 5aa67a97-6282-4557-8068-f09fbe2d9df9 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:19 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640376 Keywords=None Message=Started invocation of ScriptBlock ID: 5aa67a97-6282-4557-8068-f09fbe2d9df9 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:19 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=640375 Keywords=None Message=Creating Scriptblock text (1 of 1): hostname ScriptBlock ID: 5aa67a97-6282-4557-8068-f09fbe2d9df9 Path: 11/18/2021 09:17:19 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640374 Keywords=None Message=Completed invocation of ScriptBlock ID: 20a3ba31-512f-4c5c-bc2c-4d5c687ac43e Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:20 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640397 Keywords=None Message=Started invocation of ScriptBlock ID: 20a3ba31-512f-4c5c-bc2c-4d5c687ac43e Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:20 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640396 Keywords=None Message=Completed invocation of ScriptBlock ID: 229cc245-823c-45bf-b90e-85dd21f8b7c4 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:20 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640395 Keywords=None Message=Completed invocation of ScriptBlock ID: 9f2a1aeb-cc77-4d3b-98f5-7b1a9c9bf32d Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:20 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640394 Keywords=None Message=Started invocation of ScriptBlock ID: 9f2a1aeb-cc77-4d3b-98f5-7b1a9c9bf32d Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:20 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640393 Keywords=None Message=Started invocation of ScriptBlock ID: 229cc245-823c-45bf-b90e-85dd21f8b7c4 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:20 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=640392 Keywords=None Message=Creating Scriptblock text (1 of 1): prompt ScriptBlock ID: 229cc245-823c-45bf-b90e-85dd21f8b7c4 Path: 11/18/2021 09:17:20 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640391 Keywords=None Message=Completed invocation of ScriptBlock ID: 29ed5bb0-ab3f-4fbe-b613-411c189b9361 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:20 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640390 Keywords=None Message=Started invocation of ScriptBlock ID: 29ed5bb0-ab3f-4fbe-b613-411c189b9361 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:20 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640389 Keywords=None Message=Completed invocation of ScriptBlock ID: a997c5ec-f159-4770-b7bc-77c5d52f6add Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:20 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640388 Keywords=None Message=Started invocation of ScriptBlock ID: a997c5ec-f159-4770-b7bc-77c5d52f6add Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:20 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=640387 Keywords=None Message=Creating Scriptblock text (1 of 1): ipconfig ScriptBlock ID: a997c5ec-f159-4770-b7bc-77c5d52f6add Path: 11/18/2021 09:17:20 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640386 Keywords=None Message=Completed invocation of ScriptBlock ID: 20a3ba31-512f-4c5c-bc2c-4d5c687ac43e Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:22 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640399 Keywords=None Message=Completed invocation of ScriptBlock ID: 5b33acc9-d12b-4ba0-a845-18aa0cbf0ba0 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:17:22 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640398 Keywords=None Message=Started invocation of ScriptBlock ID: 5b33acc9-d12b-4ba0-a845-18aa0cbf0ba0 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:05 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8197 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Connect OpCode=Open (async) RecordNumber=640406 Keywords=None Message=Runspace state changed to Opening 11/18/2021 09:18:05 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8195 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Connect OpCode=Open (async) RecordNumber=640405 Keywords=None Message=Opening RunspacePool 11/18/2021 09:18:05 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8194 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Connect OpCode=to be used when an object is constructed RecordNumber=640404 Keywords=None Message=Creating RunspacePool object InstanceId 51614d8b-f146-4288-9b00-937cdc608f1b MinRunspaces 1 MaxRunspaces 1 11/18/2021 09:18:05 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8193 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Connect OpCode=to be used when an object is constructed RecordNumber=640403 Keywords=None Message=Creating Runspace object Instance Id: 3d569192-f4ad-45fa-8aa1-8506b966c1cd 11/18/2021 09:18:05 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640402 Keywords=None Message=Started invocation of ScriptBlock ID: 89b3c888-c1fd-4293-9752-c449f8347607 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:05 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=640401 Keywords=None Message=Creating Scriptblock text (1 of 1): Enter-PSSession -ComputerName win-host-987 ScriptBlock ID: 89b3c888-c1fd-4293-9752-c449f8347607 Path: 11/18/2021 09:18:05 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640400 Keywords=None Message=Completed invocation of ScriptBlock ID: 20a3ba31-512f-4c5c-bc2c-4d5c687ac43e Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640437 Keywords=None Message=Started invocation of ScriptBlock ID: 20a3ba31-512f-4c5c-bc2c-4d5c687ac43e Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640436 Keywords=None Message=Completed invocation of ScriptBlock ID: 9a176bf8-2065-4d6d-80d2-f1e2f0be79eb Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640435 Keywords=None Message=Completed invocation of ScriptBlock ID: 9f2a1aeb-cc77-4d3b-98f5-7b1a9c9bf32d Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640434 Keywords=None Message=Started invocation of ScriptBlock ID: 9f2a1aeb-cc77-4d3b-98f5-7b1a9c9bf32d Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640433 Keywords=None Message=Started invocation of ScriptBlock ID: 9a176bf8-2065-4d6d-80d2-f1e2f0be79eb Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=640432 Keywords=None Message=Creating Scriptblock text (1 of 1): prompt ScriptBlock ID: 9a176bf8-2065-4d6d-80d2-f1e2f0be79eb Path: 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640431 Keywords=None Message=Completed invocation of ScriptBlock ID: 29ed5bb0-ab3f-4fbe-b613-411c189b9361 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640430 Keywords=None Message=Started invocation of ScriptBlock ID: 29ed5bb0-ab3f-4fbe-b613-411c189b9361 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640429 Keywords=None Message=Completed invocation of ScriptBlock ID: 89b3c888-c1fd-4293-9752-c449f8347607 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640428 Keywords=None Message=Completed invocation of ScriptBlock ID: ffe9db97-348c-4237-8161-39023706827e Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640427 Keywords=None Message=Completed invocation of ScriptBlock ID: 13cd1e50-269b-4d74-aa48-3ca48721171f Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640426 Keywords=None Message=Started invocation of ScriptBlock ID: 13cd1e50-269b-4d74-aa48-3ca48721171f Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=640425 Keywords=None Message=Creating Scriptblock text (1 of 1): { Set-StrictMode -Version 1; $_.OriginInfo } ScriptBlock ID: 13cd1e50-269b-4d74-aa48-3ca48721171f Path: 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640424 Keywords=None Message=Completed invocation of ScriptBlock ID: 04679dd3-fee1-45b2-bc67-01d7132807af Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640423 Keywords=None Message=Started invocation of ScriptBlock ID: 04679dd3-fee1-45b2-bc67-01d7132807af Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=640422 Keywords=None Message=Creating Scriptblock text (1 of 1): { Set-StrictMode -Version 1; $_.ErrorCategory_Message } ScriptBlock ID: 04679dd3-fee1-45b2-bc67-01d7132807af Path: 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640421 Keywords=None Message=Completed invocation of ScriptBlock ID: b35402c8-c6ca-4332-b030-fb650ca8bd77 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640420 Keywords=None Message=Completed invocation of ScriptBlock ID: 2e4303ad-8d87-4782-aedb-e97421a67b43 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640419 Keywords=None Message=Completed invocation of ScriptBlock ID: 51237ca6-fb9f-4de4-812d-dd723c447581 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640418 Keywords=None Message=Started invocation of ScriptBlock ID: 51237ca6-fb9f-4de4-812d-dd723c447581 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=640417 Keywords=None Message=Creating Scriptblock text (1 of 1): { Set-StrictMode -Version 1; $this.Exception.InnerException.PSMessageDetails } ScriptBlock ID: 51237ca6-fb9f-4de4-812d-dd723c447581 Path: 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640416 Keywords=None Message=Started invocation of ScriptBlock ID: 2e4303ad-8d87-4782-aedb-e97421a67b43 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640415 Keywords=None Message=Started invocation of ScriptBlock ID: b35402c8-c6ca-4332-b030-fb650ca8bd77 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=640414 Keywords=None Message=Creating Scriptblock text (1 of 1): { Set-StrictMode -Version 1; $_.PSMessageDetails } ScriptBlock ID: b35402c8-c6ca-4332-b030-fb650ca8bd77 Path: 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640413 Keywords=None Message=Started invocation of ScriptBlock ID: ffe9db97-348c-4237-8161-39023706827e Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640412 Keywords=None Message=Completed invocation of ScriptBlock ID: 1e4accaa-acf1-44b7-9563-966b2d9c3f20 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640411 Keywords=None Message=Started invocation of ScriptBlock ID: 1e4accaa-acf1-44b7-9563-966b2d9c3f20 Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8197 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Connect OpCode=Open (async) RecordNumber=640410 Keywords=None Message=Runspace state changed to Broken 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=32784 EventType=2 Type=Error ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=Open (async) RecordNumber=640409 Keywords=None Message=Runspace Id: 51614d8b-f146-4288-9b00-937cdc608f1b Pipeline Id: 00000000-0000-0000-0000-000000000000. WSMan reported an error with error code: -2144108103. Error message: Connecting to remote server win-host-987 failed with the following error message : The WinRM client cannot process the request because the server name cannot be resolved. For more information, see the about_Remote_Troubleshooting Help topic. StackTrace: 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=12039 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640408 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:08 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8196 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640407 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=53504 EventType=4 Type=Information ComputerName=win-host-987.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=PowerShell Named Pipe IPC OpCode=Open (async) RecordNumber=12101149 Keywords=None Message=Windows PowerShell has started an IPC listening thread on process: 5656 in AppDomain: DefaultAppDomain. 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=12039 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640453 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8196 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640452 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8197 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Connect OpCode=Open (async) RecordNumber=640451 Keywords=None Message=Runspace state changed to Opened 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=12039 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640450 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8196 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640449 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=12039 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640448 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8196 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640447 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=12039 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640446 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8196 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640445 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8197 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Connect OpCode=Open (async) RecordNumber=640444 Keywords=None Message=Runspace state changed to Opening 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8195 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Connect OpCode=Open (async) RecordNumber=640443 Keywords=None Message=Opening RunspacePool 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8194 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Connect OpCode=to be used when an object is constructed RecordNumber=640442 Keywords=None Message=Creating RunspacePool object InstanceId 700058f2-37aa-43bc-9a87-f64efec4f8c1 MinRunspaces 1 MaxRunspaces 1 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8193 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Connect OpCode=to be used when an object is constructed RecordNumber=640441 Keywords=None Message=Creating Runspace object Instance Id: 3818df58-1c33-4b8f-835a-baf54342bc86 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640440 Keywords=None Message=Started invocation of ScriptBlock ID: 142510f9-f5dc-44e6-af58-910729ce2a1a Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4104 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Execute a Remote Command OpCode=On create calls RecordNumber=640439 Keywords=None Message=Creating Scriptblock text (1 of 1): Enter-PSSession -ComputerName win-host-987.attackrange.local ScriptBlock ID: 142510f9-f5dc-44e6-af58-910729ce2a1a Path: 11/18/2021 09:18:13 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640438 Keywords=None Message=Completed invocation of ScriptBlock ID: 20a3ba31-512f-4c5c-bc2c-4d5c687ac43e Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-host-987.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=12101159 Keywords=None Message=Completed invocation of ScriptBlock ID: 85539fc1-d6bb-42f9-968d-cc9cbf4488c3 Runspace ID: 99397614-4fd3-490f-a232-ab1bbd6c1abd 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-host-987.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=12101158 Keywords=None Message=Started invocation of ScriptBlock ID: 85539fc1-d6bb-42f9-968d-cc9cbf4488c3 Runspace ID: 99397614-4fd3-490f-a232-ab1bbd6c1abd 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-host-987.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=12101157 Keywords=None Message=Completed invocation of ScriptBlock ID: 96d0e2a6-8ba4-4f5a-964a-cba78b3eb467 Runspace ID: 99397614-4fd3-490f-a232-ab1bbd6c1abd 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-host-987.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=12101156 Keywords=None Message=Started invocation of ScriptBlock ID: 96d0e2a6-8ba4-4f5a-964a-cba78b3eb467 Runspace ID: 99397614-4fd3-490f-a232-ab1bbd6c1abd 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-host-987.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=12101155 Keywords=None Message=Completed invocation of ScriptBlock ID: 96d0e2a6-8ba4-4f5a-964a-cba78b3eb467 Runspace ID: 99397614-4fd3-490f-a232-ab1bbd6c1abd 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-host-987.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=12101154 Keywords=None Message=Started invocation of ScriptBlock ID: 96d0e2a6-8ba4-4f5a-964a-cba78b3eb467 Runspace ID: 99397614-4fd3-490f-a232-ab1bbd6c1abd 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-host-987.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=12101153 Keywords=None Message=Completed invocation of ScriptBlock ID: 1ea85913-9de5-477c-b718-016ace4749be Runspace ID: 99397614-4fd3-490f-a232-ab1bbd6c1abd 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-host-987.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=12101152 Keywords=None Message=Started invocation of ScriptBlock ID: 1ea85913-9de5-477c-b718-016ace4749be Runspace ID: 99397614-4fd3-490f-a232-ab1bbd6c1abd 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-host-987.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=12101151 Keywords=None Message=Completed invocation of ScriptBlock ID: 9cf66018-a356-4549-94a1-5e40bd27e528 Runspace ID: 99397614-4fd3-490f-a232-ab1bbd6c1abd 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-host-987.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=12101150 Keywords=None Message=Started invocation of ScriptBlock ID: 9cf66018-a356-4549-94a1-5e40bd27e528 Runspace ID: 99397614-4fd3-490f-a232-ab1bbd6c1abd 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640465 Keywords=None Message=Started invocation of ScriptBlock ID: 20a3ba31-512f-4c5c-bc2c-4d5c687ac43e Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=12039 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640464 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8196 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640463 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640462 Keywords=None Message=Completed invocation of ScriptBlock ID: 142510f9-f5dc-44e6-af58-910729ce2a1a Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=12039 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640461 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8196 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640460 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=12039 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640459 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8196 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640458 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=12039 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640457 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8196 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640456 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=12039 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640455 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:14 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8196 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640454 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:16 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640471 Keywords=None Message=Started invocation of ScriptBlock ID: 20a3ba31-512f-4c5c-bc2c-4d5c687ac43e Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:16 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=12039 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640470 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:16 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8196 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640469 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:16 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=12039 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640468 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:16 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8196 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640467 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:16 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640466 Keywords=None Message=Completed invocation of ScriptBlock ID: 20a3ba31-512f-4c5c-bc2c-4d5c687ac43e Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:16 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-host-987.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=12101161 Keywords=None Message=Completed invocation of ScriptBlock ID: 85539fc1-d6bb-42f9-968d-cc9cbf4488c3 Runspace ID: 99397614-4fd3-490f-a232-ab1bbd6c1abd 11/18/2021 09:18:16 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-host-987.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=12101160 Keywords=None Message=Started invocation of ScriptBlock ID: 85539fc1-d6bb-42f9-968d-cc9cbf4488c3 Runspace ID: 99397614-4fd3-490f-a232-ab1bbd6c1abd 11/18/2021 09:18:17 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=640472 Keywords=None Message=Completed invocation of ScriptBlock ID: 20a3ba31-512f-4c5c-bc2c-4d5c687ac43e Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:18 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4106 EventType=5 Type=Verbose ComputerName=win-host-987.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Stopping Command OpCode=On create calls RecordNumber=12101163 Keywords=None Message=Completed invocation of ScriptBlock ID: 85539fc1-d6bb-42f9-968d-cc9cbf4488c3 Runspace ID: 99397614-4fd3-490f-a232-ab1bbd6c1abd 11/18/2021 09:18:18 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-host-987.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=12101162 Keywords=None Message=Started invocation of ScriptBlock ID: 85539fc1-d6bb-42f9-968d-cc9cbf4488c3 Runspace ID: 99397614-4fd3-490f-a232-ab1bbd6c1abd 11/18/2021 09:18:18 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=4105 EventType=5 Type=Verbose ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=Starting Command OpCode=On create calls RecordNumber=640477 Keywords=None Message=Started invocation of ScriptBlock ID: 20a3ba31-512f-4c5c-bc2c-4d5c687ac43e Runspace ID: 41a58533-55aa-4b45-9d36-56ea81ded754 11/18/2021 09:18:18 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=12039 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640476 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:18 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8196 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640475 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:18 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=12039 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640474 Keywords=None Message=Modifying activity Id and correlating 11/18/2021 09:18:18 PM LogName=Microsoft-Windows-PowerShell/Operational SourceName=Microsoft-Windows-PowerShell EventCode=8196 EventType=4 Type=Information ComputerName=win-dc-128.attackrange.local User=NOT_TRANSLATED Sid=S-1-5-21-1166625382-1442148322-2337405042-500 SidType=0 TaskCategory=None OpCode=To be used when operation is just executing a method RecordNumber=640473 Keywords=None Message=Modifying activity Id and correlating